Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 05 Oct 2015 15:20:07 +0200
From: Martin Prpic <>
To: "OSS Security" <>
Subject: CVE request: issues fixed in PHP 5.6.14 and 5.5.30

Hi, the changelog for PHP 5.6.14 and 5.5.30 lists these two issues that
have a security impact:

Null pointer dereference in phar_get_fp_offset()

Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"

Both result in a crash. Can CVEs be assigned to these issues?

Also, if anyone knows of any security implications of the other bugs in
these versions, please speak up. I didn't go through the whole list
very thoroughly.

Thank you!

Martin Prpič / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ