Date: Thu, 10 Mar 2016 10:42:28 +0100
From: Marcus Meissner <>
To: OSS Security List <>,,
Subject: CVE Request: PHP last release security issues


PHP released a round of security updates, but no CVEs have apparently been assigned.

from Type Confusion Vulnerability - SOAP / make_http_soap_request()

and Out-of-Bound Read in phar_parse_zipfile()

Use-After-Free / Double-Free in WDDX Deserialize

There are more bugs in the release announcements with trigger words like
integer overflow or use-after-free, but several if not all of those need
specific PHP code, so basically self-exploitation.

Perhaps the PHP security team can fill in if I missed some or one of the above is not an issue.

Ciao, Marcus
