Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 21 Jul 2015 21:51:01 +0200
From: Tomas Hoger <>
Cc: Vasyl Kaigorodov <>,,
Subject: Re: CVE request: php - segmentation fault in
 Phar::convertToData; buffer overflow in phar_fix_filepath;

On Fri, 17 Jul 2015 15:54:25 +0200 Vasyl Kaigorodov wrote:

> I'd like to request a CVEs for the below issues fixed in PHP 5.5.27
> and 5.4.43 (5.6.x was not affected by those it looks like):
> Segfault in Phar::convertToData on invalid file
> Buffer overflow and stack smashing error in phar_fix_filepath

Another fix noted in 5.6.11 / 5.5.27 / 5.4.43 is:

Mysqlnd: Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152);a=commitdiff;h=97aa752fee61fccdec361279adbfb17a3c60f3f4

It references a CVE that was assigned to MySQL / libmysqlclient.  As
the fix was applied to mysqlnd - re-implementation of the MySQL client
- can the original BACKRONYM CVE still be used here, or is a new CVE
id needed?

Thank you!

Tomas Hoger / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ