Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 10 Oct 2015 13:14:29 -0400 (EDT)
From: cve-assign@...re.org
To: mprpic@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: issues fixed in PHP 5.6.14 and 5.5.30

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> the changelog for PHP 5.6.14 and 5.5.30 lists these two issues that
> have a security impact:

> Null pointer dereference in phar_get_fp_offset()
> https://bugs.php.net/bug.php?id=69720

Use CVE-2015-7803.


> Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
> https://bugs.php.net/bug.php?id=70433

Use CVE-2015-7804.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWGUcBAAoJEL54rhJi8gl5sTgQAK10QPBUELp73MG9/oNZuBvU
StOfUjxvuassZxtgqn3w0cnujL2USo4YK0OyJIecurbJSlnb2mFNM9HR6DN5XDXq
Z7DxcB3TCjy7tqBCzNTyhtEErs2eEfHJ6nMFXPVznby44hxV8Q6ywfvA0HsWcyfe
AFqwM2EwjdB4iulpS2ICRG8Pv86trEO6nulDQAqPJXUQhRQgE/B6P8v9BU5/K9oi
mJ8IEq6eYQaQAG8O/pC20tdHRfcxoHmpwmPLGsKSGtg3Xqnsyq5I4Q3PLy9YqI57
73E3B2OQFbCeqmxIOgeP5wxtlB0Ocaa68wthQYBQgD2rzz/AID208EpyIinMRkSB
6vsQYf79LNP92H2ZG7Alua/eNQGkDDhKKLLKd9agi1kosdl5VZEm12OLHBipqytk
QZ0hiBwzVbIOIVkWEgcVStJ7j138IIzHzGozH1rCFznmu2WeAYzm/WwuJtRyPiM+
aDV8vPBfT7MlWiPTnA6PtUp3zZAP+0GNSdqKE3Mao+0GTKxaAfL0pvs0f+xjzHJ3
Lil+jiRzCw7taCU6RLrkwBA4qOg6haOE3L7BN7t9QNLDo0dsreSzaNvqSGz9PjY+
56gxGj5OQrhQPoAEz4L5TFGrEFBXfDO8NO35OpHshHhA84lMxn1DB52gzvvoDfy3
4lbpHx4iI5IZQcJBjVmt
=lyc/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ