Date: Thu, 20 Aug 2015 12:27:13 -0400 (EDT)
From: cve-assign@...re.org
To: fourny.d@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: PHP v7 - Code execution vulnerability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>> From: Fourny Dimitri <fourny.d@...il.com>
>> Date: Thu, 30 Jul 2015 13:16:38 +0200
>> 
>> An arbitrary code execution is possible in the function str_ireplace()
>> with PHP 7.
>> The vulnerability is in the function php_string_tolower().
>> 
>> http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
>> https://bugs.php.net/bug.php?id=70140

> From: cve-assign@...re.org
> Date: Thu, 30 Jul 2015 09:43:12 -0400 (EDT)
> 
> Unless there is other information, we feel that CVE can include the
> 70140 issue, but that this doesn't mean that CVE should include every
> bug fixed during 7.0 development.

Use CVE-2015-6527.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
