Date: Tue, 21 Jul 2015 21:51:01 +0200
From: Tomas Hoger <thoger@...hat.com>
To: cve-assign@...re.org
Cc: Vasyl Kaigorodov <vkaigoro@...hat.com>, oss-security@...ts.openwall.com,
        security@....net
Subject: Re: CVE request: php - segmentation fault in
 Phar::convertToData; buffer overflow in phar_fix_filepath;

On Fri, 17 Jul 2015 15:54:25 +0200 Vasyl Kaigorodov wrote:

> I'd like to request CVEs for the below issues fixed in PHP 5.5.27
> and 5.4.43 (5.6.x was not affected by those it looks like):
> 
> Segfault in Phar::convertToData on invalid file
> https://bugs.php.net/bug.php?id=69958
> http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
> 
> Buffer overflow and stack smashing error in phar_fix_filepath
> https://bugs.php.net/bug.php?id=69923
> http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f

Another fix noted in 5.6.11 / 5.5.27 / 5.4.43 is:

Mysqlnd: Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)

https://bugs.php.net/bug.php?id=69669
http://git.php.net/?p=php-src.git;a=commitdiff;h=97aa752fee61fccdec361279adbfb17a3c60f3f4

It references a CVE that was assigned to MySQL / libmysqlclient.  As
the fix was applied to mysqlnd - a re-implementation of the MySQL client
- can the original BACKRONYM CVE still be used here, or is a new CVE
id needed?

Thank you!

-- 
Tomas Hoger / Red Hat Product Security
