Sicherheit: Zwei Probleme in php-pecl-http
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in php-pecl-http
ID: FEDORA-2016-939a69712d
Distribution: Fedora
Plattformen: Fedora 25
Datum: Di, 20. Dezember 2016, 18:39
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7398
Applikationen: php-pecl-http


Name        : php-pecl-http
Product : Fedora 25
Version : 3.1.0
Release : 1.fc25
URL : http://pecl.php.net/package/pecl_http
Summary : Extended HTTP support
Description :
The HTTP extension aims to provide a convenient and powerful set of
functionality for major applications.

The HTTP extension eases handling of HTTP URLs, dates, redirects, headers
and messages in a HTTP context (both incoming and outgoing). It also provides
means for client negotiation of preferred language and charset, as well as
a convenient way to exchange arbitrary data with caching and resuming

Also provided is a powerful request and parallel interface.

Version 2 is completely incompatible to previous version.

Documentation : https://mdref.m6w6.name/http

Update Information:

** Version 3.1.0** + Added http\Client\Curl\User interface for userland event
loops + Added http\Url::IGNORE_ERRORS, http\Url::SILENT_ERRORS and
http\Url::STDFLAGS + Added http\Client::setDebug(callable $debug) + Added
http\Client\Curl\FEATURES constants and namespace + Added
http\Client\Curl\VERSIONS constants and namespace + Added share_cookies and
share_ssl (libcurl >= 7.23.0) options to http\Client::configure() +
uses curl_share handles to properly share cookies and SSL/TLS sessions between
requests + Improved configure checks for default CA bundles + Improved
negotiation precision * Fixed regression introduced by
http\Params::PARSE_RFC5987: negotiation using the params parser would receive
param keys without the trailing asterisk, stripped by
http\Params::PARSE_RFC5987. * Fix gh-issue #50: http\Client::dequeue() within
http\Client::setDebug() causes segfault (Mike, Maik Wagner) * Fix gh-issue #47:
http\Url: Null pointer deref in sanitize_value() (Mike, @rc0r) * Fix gh-issue
#45: HTTP/2 response message parsing broken with libcurl >= 7.49.1 (Mike) *
gh-issue #43: Joining query with empty original variable in query (Mike, Sander
Backus) * Fix gh-issue #42: fatal error when using punycode in URLs (Mike,
Sebastian Thielen) * Fix gh-issue #41: Use curl_version_info_data.features when
initializing options (Mike) * Fix gh-issue #40: determinde the SSL backend used
by curl at runtime (Mike, @rcanavan) * Fix gh-issue #39: Notice:
http\Client::enqueue(): Could not set option proxy_service_name (Mike,
* Fix gh-issue #38: Persistent curl handles: error code not properly reset
(Mike, afflerbach) * Fix gh-issue #36: Unexpected cookies sent if
persistent_handle_id is used (Mike, rcanavan, afflerbach) * Fix gh-issue #34:
allow setting multiple headers with the same name (Mike, rcanavan) * Fix gh-
issue #33: allow setting prodyhost request option to NULL (Mike, rcanavan) *
gh-issue #31: add/improve configure checks for default CA bundle/path (Mike,
rcanavan) Changes from beta1: * Fixed recursive calls to the event loop
dispatcher Changes from beta2: + Improved configure checks for IDNA libraries
(added --with-http-libicu-dir, --with-http-libidnkit{,2}-dir, --with-http-
libidn2-dir) * Fix bug #73055: crash in http\QueryString (Mike, rc0r)
(CVE-2016-7398) * Fix bug #73185: Buffer overflow in HTTP parse_hostinfo()
(Mike, rc0r) (CVE-2016-7961) * Fix HTTP/2 version parser for older libcurl
versions (Mike) * Fix gh-issue #52: Underscores in host names: libidn Failed to
parse IDN (Mike, canavan)

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php-pecl-http' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten