Upstream has released PHP 5.4.35 on November 13: http://php.net/archive/2014.php#id2014-11-13-3 http://www.php.net/ChangeLog-5.php#5.4.35 Some of the fixes may be security related (in fact, the release announcement says they are), but I know of no CVEs other than CVE-2014-3710, which we fixed in our previous update. Updated package uploaded for Mageia 3. Advisory: ---------------------------------------- PHP has been updated to version 5.4.35, fixing several bugs. See the release announcement and ChangeLog for details. Note that CVE-2014-3710 was already fixed in MGASA-2014-0441. References: http://php.net/archive/2014.php#id2014-11-13-3 http://www.php.net/ChangeLog-5.php#5.4.35 ---------------------------------------- Updated packages in core/updates_testing: ---------------------------------------- php-ini-5.4.35-1.mga3 apache-mod_php-5.4.35-1.mga3 php-cli-5.4.35-1.mga3 php-cgi-5.4.35-1.mga3 libphp5_common5-5.4.35-1.mga3 php-devel-5.4.35-1.mga3 php-openssl-5.4.35-1.mga3 php-zlib-5.4.35-1.mga3 php-doc-5.4.35-1.mga3 php-bcmath-5.4.35-1.mga3 php-bz2-5.4.35-1.mga3 php-calendar-5.4.35-1.mga3 php-ctype-5.4.35-1.mga3 php-curl-5.4.35-1.mga3 php-dba-5.4.35-1.mga3 php-dom-5.4.35-1.mga3 php-enchant-5.4.35-1.mga3 php-exif-5.4.35-1.mga3 php-fileinfo-5.4.35-1.mga3 php-filter-5.4.35-1.mga3 php-ftp-5.4.35-1.mga3 php-gd-5.4.35-1.mga3 php-gettext-5.4.35-1.mga3 php-gmp-5.4.35-1.mga3 php-hash-5.4.35-1.mga3 php-iconv-5.4.35-1.mga3 php-imap-5.4.35-1.mga3 php-interbase-5.4.35-1.mga3 php-intl-5.4.35-1.mga3 php-json-5.4.35-1.mga3 php-ldap-5.4.35-1.mga3 php-mbstring-5.4.35-1.mga3 php-mcrypt-5.4.35-1.mga3 php-mssql-5.4.35-1.mga3 php-mysql-5.4.35-1.mga3 php-mysqli-5.4.35-1.mga3 php-mysqlnd-5.4.35-1.mga3 php-odbc-5.4.35-1.mga3 php-pcntl-5.4.35-1.mga3 php-pdo-5.4.35-1.mga3 php-pdo_dblib-5.4.35-1.mga3 php-pdo_firebird-5.4.35-1.mga3 php-pdo_mysql-5.4.35-1.mga3 php-pdo_odbc-5.4.35-1.mga3 php-pdo_pgsql-5.4.35-1.mga3 php-pdo_sqlite-5.4.35-1.mga3 php-pgsql-5.4.35-1.mga3 php-phar-5.4.35-1.mga3 php-posix-5.4.35-1.mga3 php-readline-5.4.35-1.mga3 php-recode-5.4.35-1.mga3 php-session-5.4.35-1.mga3 php-shmop-5.4.35-1.mga3 php-snmp-5.4.35-1.mga3 php-soap-5.4.35-1.mga3 php-sockets-5.4.35-1.mga3 php-sqlite3-5.4.35-1.mga3 php-sybase_ct-5.4.35-1.mga3 php-sysvmsg-5.4.35-1.mga3 php-sysvsem-5.4.35-1.mga3 php-sysvshm-5.4.35-1.mga3 php-tidy-5.4.35-1.mga3 php-tokenizer-5.4.35-1.mga3 php-xml-5.4.35-1.mga3 php-xmlreader-5.4.35-1.mga3 php-xmlrpc-5.4.35-1.mga3 php-xmlwriter-5.4.35-1.mga3 php-xsl-5.4.35-1.mga3 php-wddx-5.4.35-1.mga3 php-zip-5.4.35-1.mga3 php-fpm-5.4.35-1.mga3 php-apc-3.1.14-7.14.mga3 php-apc-admin-3.1.14-7.14.mga3 php-gd-bundled-5.4.35-1.mga3 from SRPMS: php-5.4.35-1.mga3.src.rpm php-apc-3.1.14-7.14.mga3.src.rpm php-gd-bundled-5.4.35-1.mga3.src.rpm Reproducible: Steps to Reproduce:
Testing Procedure: https://bugs.mageia.org/show_bug.cgi?id=13796#c8 and following comments. Basically: choose a list of PHP webapps and test that they still work.
Whiteboard: (none) => has_procedure
Testing in Mageia3-64 Tested on current php packages drupal, wordpress, phpmyadmin. Updated to testing packages $ rpm -q php-ini php-ini-5.4.35-1.mga3 Tested drupal, wordpress, phpmyadmin. All ok.
CC: (none) => olchalWhiteboard: has_procedure => has_procedure MGA3-64-OK
Testing complete Mageia 3 i586. Tested Moodle with this update. Also tested my old php-cgi/php-gd/php-dba/apache-mod_userdir/apache-mod_suexec test cases. Everything worked OK.
Whiteboard: has_procedure MGA3-64-OK => has_procedure MGA3-32-OK MGA3-64-OK
Validating, advisory uploaded.
Keywords: (none) => validated_updateWhiteboard: has_procedure MGA3-32-OK MGA3-64-OK => has_procedure MGA3-32-OK MGA3-64-OK advisoryCC: (none) => remi, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGAA-2014-0196.html
Status: NEW => RESOLVEDResolution: (none) => FIXED