Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 08 Jan 2015 22:11:09 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE Request: PHP

Hi,

I'm requesting multiple CVE-ID's for multiple vulnerabilities in PHP
that I found:

--

CVE Request 1:

Use after free in 'opcache' component of PHP
Bug report: https://bugs.php.net/bug.php?id=68677&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115


CVE Request 2:

Uninitalized Pointer Read in PHP core('fopen()')
Bug report: https://bugs.php.net/bug.php?id=68692&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=7ebdc8d70d7617f2c3353b027663ef54a24a2248

CVE Request 3:
Uninitalized Pointer Read in PHP core
Bug report: https://bugs.php.net/bug.php?id=68694&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=f3ea1b0b6a42a08093bf9191ad76fb4b5e0a653b


CVE Request 4:
Null Pointer Deference in pgsql
Bug report: https://bugs.php.net/bug.php?id=68741&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e

CVE Request 5:
Null Pointer Deference in ereg(regex)
Bug report: https://bugs.php.net/bug.php?id=68740&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e





Thanks,
-- 
-- Joshua Rogers <https://internot.info/>


Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ