components/php-5_3/php-sapi/patches/350_php_20803998.patch
changeset 4494 f5b717124172
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/php-5_3/php-sapi/patches/350_php_20803998.patch	Tue Jun 16 14:11:47 2015 -0700
@@ -0,0 +1,51 @@
+CVE-2014-9652
+Community BUG:
+https://bugs.php.net/bug.php?id=68735
+Community CODE:
+https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079
+Below is the community patch.
+
+
+diff --git a/ext/fileinfo/libmagic/softmagic.c b/ext/fileinfo/libmagic/softmagic.c
+index 7e0c856..e7b7855 100644
+--- a/ext/fileinfo/libmagic/softmagic.c
++++ b/ext/fileinfo/libmagic/softmagic.c
+@@ -884,14 +884,17 @@ mconvert(struct magic_set *ms, struct magic *m, int flip)
+ 		size_t sz = file_pstring_length_size(m);
+ 		char *ptr1 = p->s, *ptr2 = ptr1 + sz;
+ 		size_t len = file_pstring_get_length(m, ptr1);
+-		if (len >= sizeof(p->s)) {
++		sz = sizeof(p->s) - sz; /* maximum length of string */
++		if (len >= sz) {
+ 			/*
+ 			 * The size of the pascal string length (sz)
+ 			 * is 1, 2, or 4. We need at least 1 byte for NUL
+ 			 * termination, but we've already truncated the
+ 			 * string by p->s, so we need to deduct sz.
++			 * Because we can use one of the bytes of the length
++			 * after we shifted as NUL termination.
+ 			 */ 
+-			len = sizeof(p->s) - sz;
++			len = sz;
+ 		}
+ 		while (len--)
+ 			*ptr1++ = *ptr2++;
+--- /dev/null	Sat Jan  3 19:01:50 2015
++++ a/ext/fileinfo/tests/bug68735.phpt	Sat Jan  3 18:57:32 2015
+@@ -0,0 +1,16 @@
++--TEST--
++Bug #68735 fileinfo out-of-bounds memory access
++--SKIPIF--
++<?php require_once(dirname(__FILE__) . '/skipif.inc'); ?>
++--FILE--
++<?php
++	$test_file = dirname(__FILE__) . DIRECTORY_SEPARATOR . "bug68735.jpg";
++	$f = new finfo;
++
++	var_dump($f->file($test_file));
++
++?>
++===DONE===
++--EXPECTF--
++string(%d) "JPEG image data, JFIF standard 1.01, comment: "%S""
++===DONE===
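Review bot: In the embedded softmagic.c hunk, `sz` is reassigned from the size of the Pascal-string length prefix to the maximum payload length, so the retained comment's "we need to deduct sz" now points at a variable that no longer holds the prefix size. A separate local would keep the bound readable for the next audit: `size_t maxlen = sizeof(p->s) - sz;` followed by `if (len >= maxlen) len = maxlen;`. The clamp itself looks right for the visible copy loop, since `ptr2` starts `sz` bytes into `p->s` and a copy of at most `sizeof(p->s) - sz` bytes ends at the buffer end; mconvert's body continues outside the hunk, so the NUL termination after the loop is not visible here. Separately, bug68735.phpt reads `bug68735.jpg`, which this text patch does not add, so the regression test can only run if that fixture is delivered some other way.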