security patch from upstream for #660517 (CVE-2010-4409)

This commit is contained in:
remi 2010-12-12 15:57:34 +01:00
parent ad1c041018
commit 06b4784236
2 changed files with 24 additions and 1 deletions

14
php-5.3.4-cve.patch Normal file
View File

@ -0,0 +1,14 @@
--- php/php-src/branches/PHP_5_3/ext/intl/formatter/formatter_attr.c 2010/12/10 00:37:31 306153
+++ php/php-src/branches/PHP_5_3/ext/intl/formatter/formatter_attr.c 2010/12/10 00:47:51 306154
@@ -311,6 +311,11 @@
RETURN_FALSE;
}
+
+ if (symbol >= UNUM_FORMAT_SYMBOL_COUNT || symbol < 0) {
+ intl_error_set( NULL, U_ILLEGAL_ARGUMENT_ERROR, "numfmt_set_symbol: invalid symbol value", 0 TSRMLS_CC );
+ RETURN_FALSE;
+ }
/* Fetch the object. */
FORMATTER_METHOD_FETCH_OBJECT;

View File

@ -27,7 +27,7 @@
Summary: PHP scripting language for creating dynamic web sites Summary: PHP scripting language for creating dynamic web sites
Name: php Name: php
Version: 5.3.4 Version: 5.3.4
Release: 1%{?dist} Release: 1%{?dist}.1
License: PHP License: PHP
Group: Development/Languages Group: Development/Languages
URL: http://www.php.net/ URL: http://www.php.net/
@ -62,6 +62,10 @@ Patch42: php-5.3.1-systzdata-v7.patch
# See http://bugs.php.net/53436 # See http://bugs.php.net/53436
Patch43: php-5.3.4-phpize.patch Patch43: php-5.3.4-phpize.patch
# Security patch from upstream SVN
# http://svn.php.net/viewvc?view=revision&revision=306154
Patch50: php-5.3.4-cve.patch
# Fixes for tests # Fixes for tests
Patch61: php-5.0.4-tests-wddx.patch Patch61: php-5.0.4-tests-wddx.patch
@ -480,6 +484,8 @@ support for using the enchant library to PHP.
%patch42 -p1 -b .systzdata %patch42 -p1 -b .systzdata
%patch43 -p0 -b .headers %patch43 -p0 -b .headers
%patch50 -p4 -b .cve
%patch61 -p1 -b .tests-wddx %patch61 -p1 -b .tests-wddx
# Prevent %%doc confusion over LICENSE files # Prevent %%doc confusion over LICENSE files
@ -970,6 +976,9 @@ fi
%files enchant -f files.enchant %files enchant -f files.enchant
%changelog %changelog
* Sun Dec 12 2010 Remi Collet <rpms@famillecollet.com> 5.3.4-1.1
- security patch from upstream for #660517
* Sat Dec 11 2010 Remi Collet <Fedora@famillecollet.com> 5.3.4-1 * Sat Dec 11 2010 Remi Collet <Fedora@famillecollet.com> 5.3.4-1
- update to 5.3.4 - update to 5.3.4
http://www.php.net/ChangeLog-5.php#5.3.4 http://www.php.net/ChangeLog-5.php#5.3.4