Date: Mon, 05 Oct 2015 15:20:07 +0200
From: Martin Prpic <mprpic@...hat.com>
To: "OSS Security" <oss-security@...ts.openwall.com>
Subject: CVE request: issues fixed in PHP 5.6.14 and 5.5.30

Hi,

the changelog for PHP 5.6.14 and 5.5.30 lists these two issues that have a security impact:

Null pointer dereference in phar_get_fp_offset()
https://bugs.php.net/bug.php?id=69720

Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
https://bugs.php.net/bug.php?id=70433

Both result in a crash. Can CVEs be assigned to these issues?

Also, if anyone knows of any security implications of the other bugs in these versions, please speak up. I didn't go through the whole list very thoroughly.

Thank you!

--
Martin Prpič / Red Hat Product Security