Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Apr 2015 10:45:47 +0200
From: Tomas Hoger <thoger@...hat.com>
To: cve-assign@...re.org
Cc: Andrea Palazzo <andrea.palazzo@...el.it>, oss-security@...ts.openwall.com,
        security@....net
Subject: Re: CVE Request: PHP SoapClient's __call() type
 confusion through unserialize()

On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:

> Hi everyone,
> I'd like to request a CVE for the PHP Sec Bug #69085.
> 
> Description:
> SoapClient's __call() method is prone to a type confusion
> vulnerability which can be used to gain remote code execution through
> unsafe unserialize() calls.
> 
> Info:
> https://bugs.php.net/bug.php?id=69085

Re-sending with cve-assign@ CC.

-- 
Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ