001-libtool_fixes.patch
002-static_openssl.patch
004-ldap_fix.patch
006-debian_quirks.patch
libtool2.2.patch
013-force_getaddrinfo.patch
017-pread_pwrite_disable.patch
019-z_off_t_as_long.patch
029-php.ini_paranoid.patch
033-we_WANT_libtool.patch
034-apache2_umask_fix.patch
036-fd_setsize_fix.patch
043-recode_size_t.patch
044-strtod_arm_fix.patch
045-exif_nesting_level.patch
047-zts_with_dl.patch
052-phpinfo_no_configure.patch
053-extension_api.patch
057-no_apache_installed.patch
100-recode_is_shared.patch
101-sqlite_is_shared.patch
108-64_bit_datetime.patch
112-proc_open.patch
113-php.ini_securitynotes.patch
115-autoconf_ftbfs.patch
116-posixness_fix.patch
libdb_is_-ldb
page_size_fixes.patch
suhosin.patch
fix_broken_upstream_tests.patch
use_embedded_timezonedb.patch
force_libmysqlclient_r.patch
gentoo/009_ob-memory-leaks.patch
mssql-null-exception.patch
sybase-alias.patch
strcmp_null-OnUpdateErrorLog.patch
#deprecate_short_open_tag
unaligned_memory_access.patch
fix_broken_5.3_tests.patch
dont-gitclean-in-build.patch
#broken_5.3_test-posix_uname.patch
shtool_mkdir_-p_-race-condition.patch
qdbm-is-usr_include_qdbm.patch
zend_int_overflow.patch
use_embedded_timezonedb_fixes.patch
fix_broken_sha2_test.patch
#php_crypt_revamped.patch
#use_system_crypt_fixes.patch
session_save_path.patch
#install-programs_parallel_FTBFS.patch
#581911_pdo_mysql_segfaults.patch
fpm_gcc_atomics.patch
php-fpm-man-section-and-cleanup.patch
fpm-config.patch
CVE-2010-2950.patch
php-5.3.4-ini.patch
CVE-2010-3710.patch
CVE-2010-3709.patch
CVE-2010-3870.patch
CVE-2010-4156.patch
bug52573.patch
bug52487.patch
bug50481.patch
fix_crash_in__php_mssql_get_column_content_without_type.patch
bug52827.patch
bug52843.patch
CVE-2010-3436.patch
bug52947.patch
fix_crash_in_GC.patch
bug53070.patch
bug53323.patch
reject-filenames-with-null-r305507.patch
fix-open_basedir-with-separator-r305698.patch
CVE-2010-4409.patch
crash_in_zip_extract.patch
unaligned_memory_access_in_hash_tiger.c.patch
CVE-2010-4150.patch
fix-infinite-loop-with-x87-cpu.patch
do-not-overwrite-GLOBALS-and-this.patch
fix-crash-if-aa-steps-are-invalid.patch
fix-crash-with-entity-declarations-in-simplexml.patch
fix-for-NULL-deref-in-zend_language_scanner.patch
CVE-2011-1466.patch
fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
fix-leaks-and-crash-bug-when-passing-the-callback-as-variable.patch
fix-memory-leak-inside-highlight_string.patch
fix-segfault-in-pgsql_stmt_execute-when-postgres-is-down.patch
fix-segfault-when-extending-SplFixedArray.patch
fix-segfault-when-node-is-NULL-in-simplexml.patch
CVE-2011-1467.patch
fix-sqlite3-columnName-segfaults-on-bad-column_number.patch
CVE-2011-0421.patch
CVE-2011-1153.patch
CVE-2011-0708.patch
CVE-2011-1471.patch
CVE-2011-0420.patch
CVE-2011-2202.patch
CVE-2011-2483.patch
CVE-2011-1938.patch
CVE-2011-4566.patch
CVE-2011-4885.patch
CVE-2012-0057.patch
memory_leaks.patch
fix_deprecated_register_long_arrays_warning.patch
CVE-2012-0781.patch
CVE-2011-4153.patch
CVE-2011-4153-2.patch
php5-CVE-2010-4697.patch
php5-CVE-2011-1092.patch
php5-CVE-2011-1148.patch
php5-CVE-2011-1464.patch
php5-CVE-2011-1467.patch
php5-CVE-2011-1468.patch
php5-CVE-2011-1469.patch
php5-CVE-2011-1470.patch
php5-CVE-2011-1657.patch
php5-CVE-2011-3182.patch
php5-CVE-2011-3267.patch
php5-CVE-2012-0788.patch
php5-CVE-2012-0831.patch
CVE-2012-1172.patch
CVE-2012-1823.patch
CVE-2012-2311.patch
fix-crash-accessing-global-object.patch
CVE-2012-2386.patch
CVE-2012-2386-1.patch
CVE-2012-2688.patch
CVE-2012-3450.patch
CVE-2013-1635.patch
CVE-2013-1643.patch
CVE-2013-4113.patch
CVE-2013-4248.patch
CVE-2013-6420.patch
CVE-2013-6712.patch
CVE-2014-1943.patch
CVE-2014-4049.patch
CVE-2014-3480.patch
CVE-2014-0207.patch
CVE-2014-3515.patch
CVE-2014-4271.patch
CVE-2014-3538.patch
CVE-2014-3587.patch
CVE-2014-3597.patch
#
CVE-2014-3668.patch
CVE-2014-3669.patch
CVE-2014-3670.patch
CVE-2014-3710.patch
ldap-fix.patch
#
# patches from Univention
CVE-2014-0238.patch
CVE-2014-0237.patch
CVE-2014-2270.patch
#
#XXX not needed: CVE-2014-9427.patch
#
# temporary CVE-2015-TEMP
CVE-2015-TEMP-1.patch
CVE-2015-TEMP-2.patch

CVE-2014-8117.patch

#
# upload April 2015
# no-dsa, bug in libxml2: CVE-2010-4657
# no-dsa, too intrusive to backport, mitigations exists: CVE-2011-4718
# no-dsa, too intrusive to backport: CVE-2012-0789
# CVE-2014-9652.patch: already done in CVE-2015-TEMP-2.patch
CVE-2014-9705.patch
CVE-2015-3330.patch
# test in CVE-2015-0232 fails because of FileDateTime problem in test-suite, otherwise ok
CVE-2015-0232.patch
# test in CVE-2015-3329 fails because of php.ini used in testsuite
CVE-2015-3329.patch
CVE-2015-2783.patch
CVE-2015-2331.patch
CVE-2015-2301.patch
CVE-2015-2787.patch
CVE-2015-temp-68819.patch

#
# upload August 2015
CVE-2015-4021.patch
CVE-2015-4599.patch
CVE-2015-4602.patch
CVE-2015-4643.patch
CVE-2015-5590.patch
CVE-2015-4644.patch
# vulnerabilities in soap.c have been deteced by two people, so two CVEs
CVE-2015-4147-4148.patch
# relevant patch already applied in CVE-2015-2783.patch
#CVE-2015-3307.patch
# the CVEs need a new parameter 'p' to check paths with \0 inside
zend-parameter-p.patch
CVE-2015-3411-3412.patch
CVE-2015-4598.patch
# both CVEs have been fixed in one commit
# this has been already fixed in CVE-2015-temp-68819.patch
#CVE-2015-4604-4605.patch
# both CVEs have been fixed in one commit
CVE-2015-4600-4601.patch
CVE-2015-4022.patch
# both CVEs have been fixed in one commit
CVE-2015-4025-4026.patch
CVE-2015-5589.patch


#
# upload October 2015
CVE-2015-7804.patch
CVE-2015-7803.patch
CVE-2015-6837.patch
CVE-2015-6838.patch
CVE-2015-6836.patch
CVE-2015-6832.patch
CVE-2015-6833.patch
CVE-2015-6834-70365.patch
# vulnerable code not present
#CVE-2015-6834-70366.patch
CVE-2015-6831-70166.patch
CVE-2015-6831-70168.patch
# vulnerable code not present
#CVE-2015-6831-70169.patch
# already fixed in CVE-2015-6831-70166.patch
#CVE-2015-6831-70155.patch

# no-dsa, todo, no patch found yet: CVE-2011-1398
# no-dsa, todo, no patch found yet: CVE-2014-5459
# todo, no patch found yet: CVE-2015-2305
# no-dsa, todo, no patch found: CVE-2013-6501
# todo: CVE-2015-0273: patch does not apply: CVE-2015-0273-part1.patch
# todo: CVE-2015-0273: patch does not apply: CVE-2015-0273-part2.patch
# todo: temp1, no patch found 
# todo: problems reported with this patch: CVE-2015-2348.patch
# todo, no patch found yet: CVE-2015-4603
# todo, change of algorithm: CVE-2015-4024.patch
# todo, too intrusive change needed (var_push_dtor_no_addref() missing): CVE-2015-6835.patch
# todo, too intrusive change needed (var_push_dtor_no_addref() missing): CVE-2015-6834-70172.patch
# todo,	TEMP-0800564-79703B, no patch yet

check-null-path.patch
