Security: Two problems in php-pecl-http
ID: FEDORA-2016-2dd0491a70
Distribution: Fedora
Platforms: Fedora 24
Date: Tue, 20 December 2016, 22:52
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7398
            http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7961

Original message

 
Name        : php-pecl-http
Product     : Fedora 24
Version     : 2.6.0
Release     : 1.fc24
URL         : http://pecl.php.net/package/pecl_http
Summary     : Extended HTTP support
Description :
The HTTP extension aims to provide a convenient and powerful set of
functionality for major applications.

The HTTP extension eases handling of HTTP URLs, dates, redirects, headers
and messages in an HTTP context (both incoming and outgoing). It also provides
means for client negotiation of preferred language and charset, as well as
a convenient way to exchange arbitrary data with caching and resuming
capabilities.

Also provided is a powerful request and parallel interface.

Version 2 is completely incompatible with the previous version.

Documentation : https://mdref.m6w6.name/http

--------------------------------------------------------------------------------
Update Information:

**Version 2.6.0**

+ Added http\Client\Curl\User interface for userland event loops
+ Added http\Url::IGNORE_ERRORS, http\Url::SILENT_ERRORS and
  http\Url::STDFLAGS
+ Added http\Client::setDebug(callable $debug)
+ Added http\Client\Curl\FEATURES constants and namespace
+ Added http\Client\Curl\VERSIONS constants and namespace
+ Added share_cookies and share_ssl (libcurl >= 7.23.0) options to
  http\Client::configure()
+ http\Client uses curl_share handles to properly share cookies and SSL/TLS
  sessions between requests
+ Improved configure checks for default CA bundles
+ Improved negotiation precision
* Fixed regression introduced by http\Params::PARSE_RFC5987: negotiation using
  the params parser would receive param keys without the trailing asterisk,
  stripped by http\Params::PARSE_RFC5987.
* Fix gh-issue #50: http\Client::dequeue() within http\Client::setDebug()
  causes segfault (Mike, Maik Wagner)
* Fix gh-issue #47: http\Url: Null pointer deref in sanitize_value()
  (Mike, rc0r)
* Fix gh-issue #45: HTTP/2 response message parsing broken with
  libcurl >= 7.49.1 (Mike)
* Fix gh-issue #43: Joining query with empty original variable in query
  (Mike, Sander Backus)
* Fix gh-issue #42: fatal error when using punycode in URLs
  (Mike, Sebastian Thielen)
* Fix gh-issue #41: Use curl_version_info_data.features when initializing
  options (Mike)
* Fix gh-issue #40: determine the SSL backend used by curl at runtime
  (Mike, rcanavan)
* Fix gh-issue #39: Notice: http\Client::enqueue(): Could not set option
  proxy_service_name (Mike, rcanavan)
* Fix gh-issue #38: Persistent curl handles: error code not properly reset
  (Mike, afflerbach)
* Fix gh-issue #36: Unexpected cookies sent if persistent_handle_id is used
  (Mike, rcanavan, afflerbach)
* Fix gh-issue #34: allow setting multiple headers with the same name
  (Mike, rcanavan)
* Fix gh-issue #33: allow setting proxyhost request option to NULL
  (Mike, rcanavan)
* Fix gh-issue #31: add/improve configure checks for default CA bundle/path
  (Mike, rcanavan)

Changes from beta1:

* Fixed PHP-5.3 compatibility
* Fixed recursive calls to the event loop dispatcher

Changes from beta2:

* Fix bug #73055: crash in http\QueryString (Mike, rc0r) (CVE-2016-7398)
* Fix bug #73185: Buffer overflow in HTTP parse_hostinfo() (Mike, rc0r)
  (CVE-2016-7961)
* Fix HTTP/2 version parser for older libcurl versions (Mike)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php-pecl-http' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
