Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 May 2016 10:51:15 +0300
From: Lior Kaplan <kaplanlior@...il.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Fwd: CVE for PHP 5.5.36 issues

Hi,

Please assign CVE for the following issues, expected to be part of PHP
5.5.36
Code at http://git.php.net/?p=php-src.git;a=shortlog;h=refs/heads/PHP-5.5

#72227 is a backport from upstream, so we'd prefer to reuse their CVE (if
already exists).
#72135 and 72114 are PHP 5.x only bugs.

Thanks,

Kaplan

---------- Forwarded message ----------
From: Lior Kaplan <kaplanlior@...il.com>
Date: Wed, May 25, 2016 at 12:55 AM
Subject: CVE for PHP 5.5.36 issues ?
To: "security@....net" <security@....net>

Following my mail bellow from last week, these are the issues which got
fixed in the security repository for PHP 5.5.

commit 7a1aac3343af85b4af4df5f8844946eaa27394ab
Author: Stanislav Malyshev <stas@....net>
Date:   Mon May 23 00:28:02 2016 -0700

    Fixed bug #72227: imagescale out-of-bounds read

    Ported from
https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a

commit 97eff7eb57fc2320c267a949cffd622c38712484
Author: Stanislav Malyshev <stas@....net>
Date:   Sun May 22 17:49:02 2016 -0700

    Fix bug #72241: get_icu_value_internal out-of-bounds read

commit 0da8b8b801f9276359262f1ef8274c7812d3dfda
Author: Stanislav Malyshev <stas@....net>
Date:   Sun May 15 23:26:51 2016 -0700

    Fix bug #72135 - don't create strings with lengths outside int range

commit abd159cce48f3e34f08e4751c568e09677d5ec9c
Author: Stanislav Malyshev <stas@....net>
Date:   Mon May 9 21:55:29 2016 -0700

    Fix bug #72114 - int/size_t confusion in fread

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ