Date: Wed, 27 May 2015 15:53:31 +0200 From: Tomas Hoger <thoger@...hat.com> To: cve-assign@...re.org Cc: Andrea Palazzo <andrea.palazzo@...el.it>, oss-security@...ts.openwall.com, security@....net Subject: Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() On Thu, 9 Apr 2015 10:45:47 +0200 Tomas Hoger wrote: > On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote: > > > Hi everyone, > > I'd like to request a CVE for the PHP Sec Bug #69085. > > > > Description: > > SoapClient's __call() method is prone to a type confusion > > vulnerability which can be used to gain remote code execution > > through unsafe unserialize() calls. > > > > Info: > > https://bugs.php.net/bug.php?id=69085 > > Re-sending with cve-assign@ CC. Yet another re-send. Is there a reason is isn't getting CVE, or explicit response that no CVE will be assigned? Thank you! -- Tomas Hoger / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ