Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 05 Oct 2015 15:20:07 +0200
From: Martin Prpic <mprpic@...hat.com>
To: "OSS Security" <oss-security@...ts.openwall.com>
Subject: CVE request: issues fixed in PHP 5.6.14 and 5.5.30

Hi, the changelog for PHP 5.6.14 and 5.5.30 lists these two issues that
have a security impact:

Null pointer dereference in phar_get_fp_offset()
https://bugs.php.net/bug.php?id=69720

Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
https://bugs.php.net/bug.php?id=70433

Both result in a crash. Can CVEs be assigned to these issues?

Also, if anyone knows of any security implications of the other bugs in
these versions, please speak up. I didn't go through the whole list
very thoroughly.

Thank you!

-- 
Martin Prpič / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ