Date: Thu, 28 Apr 2016 11:57:38 -0400 (EDT)
From: cve-assign@...re.org
To: manhluat93.php@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: [CVE Requests] PHP issues

> 1. Heap corruption in tar/zip/phar parser
> https://bugs.php.net/bug.php?id=71354

Use CVE-2016-4342.


> 2. Uninitialized pointer in phar_make_dirstream()
> https://bugs.php.net/bug.php?id=71331

Use CVE-2016-4343.


> 3. Multiple Heap Overflow due to integer overflows | xml/filter_url/addcslashes
> https://bugs.php.net/bug.php?id=71637

>> ext/xml/xml.c

Use CVE-2016-4344.


>> ext/filter/sanitizing_filters.c

Use CVE-2016-4345.


>> ext/standard/string.c

Use CVE-2016-4346.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
