[Pkg-php-commits] [php/debian-sid] Cherry pickupstream fix for CVE-2010-2950
Ondřej Surý
ondrej at sury.org
Thu Oct 21 09:46:23 UTC 2010
---
debian/patches/CVE-2010-2950.patch | 11 +++++++++++
debian/patches/series | 1 +
2 files changed, 12 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/CVE-2010-2950.patch
diff --git a/debian/patches/CVE-2010-2950.patch b/debian/patches/CVE-2010-2950.patch
new file mode 100644
index 0000000..ca9b051
--- /dev/null
+++ b/debian/patches/CVE-2010-2950.patch
@@ -0,0 +1,11 @@
+--- a/ext/phar/stream.c 2010/08/20 15:44:57 302564
++++ b/ext/phar/stream.c 2010/08/20 16:37:33 302565
+@@ -470,7 +470,7 @@
+ if (stream->mode[0] == 'w' || (stream->mode[0] == 'r' && stream->mode[1] == '+')) {
+ ret = phar_flush(((phar_entry_data *)stream->abstract)->phar, 0, 0, 0, &error TSRMLS_CC);
+ if (error) {
+- php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, error);
++ php_stream_wrapper_log_error(stream->wrapper, REPORT_ERRORS TSRMLS_CC, "%s", error);
+ efree(error);
+ }
+ return ret;
diff --git a/debian/patches/series b/debian/patches/series
index 2c1b54a..bf72e85 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
+CVE-2010-2950.patch
001-libtool_fixes.patch
002-static_openssl.patch
004-ldap_fix.patch
--
1.7.1
More information about the Pkg-php-commits
mailing list