modphp: Security Advisory - php - CVE-2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before
5.5.16 does not ensure that pathnames lack %00 sequences, which might
allow remote attackers to overwrite arbitrary files via crafted input to
an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif,
(4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Yue Tao
2014-10-23 16:29:13 +08:00
committed by Martin Jansa
parent d47b4c7ca0
commit 81aecee0ed
2 changed files with 36 additions and 0 deletions
@@ -9,6 +9,7 @@ SRC_URI = "http://www.php.net/distributions/php-${PV}.tar.bz2 \
file://pthread-check-threads-m4.patch \
file://70_mod_php5.conf \
file://0001-using-pkgconfig-to-check-libxml.patch \
file://php-CVE-2014-5120.patch \
"
S = "${WORKDIR}/php-${PV}"
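Review bot: The new `file://php-CVE-2014-5120.patch` entry in SRC_URI applies to whatever `${PV}` the recipe builds, but the commit message says the issue is already fixed in 5.4.32 and 5.5.16, and nothing here records when the patch becomes redundant. The recipe's PV is not visible in this hunk, so please confirm it is below the fixed release for its branch, and note in the commit message or the patch header that the entry must be dropped at the next version bump; otherwise the patch will fail to apply or be carried forward by mistake. The commit message also cites only the NVD entry. If the patch file (the second changed file, not shown here) does not already name the upstream PHP commit it was backported from, add that reference to its header so the backport can be checked against upstream.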