Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 14 Jan 2016 14:35:52 -0500 (EST)
From: cve-assign@...re.org
To: emmanuel.law@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: [CVE Request] Multiple PHP issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Memory Read via gdImageRotateInterpolated Array Index Out of Bounds
> https://bugs.php.net/bug.php?id=70976

Use CVE-2016-1903. As far as we can tell, the discussion at
"2015-12-29 07:27 UTC" and later does not describe an additional
vulnerability. The discussion seems to be about adapting the security
patch for palette images so that it doesn't disrupt the handling of
true color images.


> Heap BufferOver Flow in escapeshell functions
> https://bugs.php.net/bug.php?id=71270
> https://github.com/php/php-src/commit/2871c70efaaaa0f102557a17c727fd4d5204dd4b

Use CVE-2016-1904 for both of the integer overflows in
ext/standard/exec.c (the one in the php_escape_shell_cmd function and
the one in the php_escape_shell_arg function).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWl/gmAAoJEL54rhJi8gl5rm8QAMsiJK3V60k4bjWZFpShAFxz
9vOic/LsFrjgRb1hM+4eauCT6usPxS/v2R802eEheuOlhLWdi2epl9l65knTm+ho
uQMMYkBHPtdkRQMdf6A6XGBHNy7salXY4UTcBvoSvx8yqzsMyjgqDji3D+qWqhch
QDErqGljVS5ZUrrXHvPkTwKmCjQtZFuvNFdPtE1B7/0K58hM+PM0ZPFTfyKNvK3/
Vg75KOGlFz4H96kWsmvNQBOT0fMKKKDnQtg8yOiNJVMkJZiQnkNh3bMNaqqQW8KZ
9ZmWuje1ZRHP7osGjggfn/P0Wpmxq2JXqNNe4mH2Zwr0iIUAOlvCNunfRM1MfYik
wjwZ/tGifyEGxDdnKpu7MAb+9QAzqb6uKyTlr8DlJdrM72A68ygGc0CHQQHbstL6
1u+3/zVELSzEq1j/UnZkgu22+LzqNXhJTUK6Hda0hnfH0gW1qUoC/zqlM5i7lG2T
TPuduWSrXIDCB3UceOUwNSk36cWWtDhJj7K6nRRMTFAilvzfRGmeUXQ04/AhCLNM
Pkleb6O6EXFZed5CqWJFUlTD4ak+aibUL8fdXARGfXDz/5wEgIwgvbBIP1MUvbVF
/Mrb5HbHdrqADHXXd5CrgFkOcIuMhxZZb/RBnCwjM4oC9kht/0LYmpzydxdoFidQ
4bSuxdlqC4cMe1yn/wWJ
=WENK
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.