Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 20 May 2012 15:09:06 -0300
From: Felipe Pena <felipensp@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: PHP Phar - arbitrary code execution

Hi,
Can anyone assing a CVE id for the following PHP's phar extension
integer overflow vulnerability? (Secunia SA44335)

Private report: https://bugs.php.net/bug.php?id=61065

Discovered by: Alexander Gavrun

Original Advisory:
http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html

-- 
Regards,
Felipe Pena

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ