Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK)) by mollari.NetBSD.org (Postfix) with ESMTPS id C26FAA654F for ; Sun, 6 Sep 2015 12:26:39 +0000 (UTC) Received: by mail.netbsd.org (Postfix, from userid 605) id 3DDBC14A28B; Sun, 6 Sep 2015 12:26:39 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 636C214A210 for ; Sun, 6 Sep 2015 12:26:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at NetBSD.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id CPUP-lOiBZkt for ; Sun, 6 Sep 2015 12:26:37 +0000 (UTC) Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd]) by mail.netbsd.org (Postfix) with ESMTP id B391714A209 for ; Sun, 6 Sep 2015 12:26:37 +0000 (UTC) Received: by cvs.netbsd.org (Postfix, from userid 500) id B176098; Sun, 6 Sep 2015 12:26:37 +0000 (UTC) Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" MIME-Version: 1.0 Date: Sun, 6 Sep 2015 12:26:37 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/lang To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20150906122637.B176098@cvs.netbsd.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk Module Name: pkgsrc Committed By: taca Date: Sun Sep 6 12:26:37 UTC 2015 Modified Files: pkgsrc/lang/php: phpversion.mk pkgsrc/lang/php55: distinfo Log Message: Update php55 to 5.5.29 including security fixes. 03 Sep 2015, PHP 5.5.29 - Core: . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas) . Fixed bug #70219 (Use after free vulnerability in session deserializer). (taoguangchen at icloud dot com) - EXIF: . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas) - hash: . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com) - PCRE: . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski) - SOAP: . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas) - SPL: . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com) . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com) - XSLT: . Fixed bug #69782 (NULL pointer dereference). (Stas) - ZIP: . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (neal at fb dot com) To generate a diff of this commit: cvs rdiff -u -r1.109 -r1.110 pkgsrc/lang/php/phpversion.mk cvs rdiff -u -r1.44 -r1.45 pkgsrc/lang/php55/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.