Date: Thu, 26 May 2016 13:09:15 -0400 (EDT)
From: cve-assign@...re.org
To: kaplanlior@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Fwd: CVE for PHP 5.5.36 issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://git.php.net/?p=php-src.git;a=commit;h=7a1aac3343af85b4af4df5f8844946eaa27394ab
> Author: Stanislav Malyshev <stas@....net>
> Date:   Mon May 23 00:28:02 2016 -0700
> 
>     Fixed https://bugs.php.net/bug.php?id=72227: imagescale out-of-bounds read
> 
>     Ported from
> https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a

Use CVE-2013-7456.


> https://git.php.net/?p=php-src.git;a=commit;h=97eff7eb57fc2320c267a949cffd622c38712484
> Author: Stanislav Malyshev <stas@....net>
> Date:   Sun May 22 17:49:02 2016 -0700
> 
>     Fix https://bugs.php.net/bug.php?id=72241: get_icu_value_internal out-of-bounds read

Use CVE-2016-5093.


> https://git.php.net/?p=php-src.git;a=commit;h=0da8b8b801f9276359262f1ef8274c7812d3dfda
> Author: Stanislav Malyshev <stas@....net>
> Date:   Sun May 15 23:26:51 2016 -0700
> 
>     Fix https://bugs.php.net/bug.php?id=72135 - don't create strings with lengths outside int range

Use CVE-2016-5094 for the original report that had the "[2016-05-16
06:28 UTC] Fix in security repo as
0da8b8b801f9276359262f1ef8274c7812d3dfda" response. Use CVE-2016-5095
for the additional issue reported in the "[2016-05-17 12:55 UTC]"
comment.


> https://git.php.net/?p=php-src.git;a=commit;h=abd159cce48f3e34f08e4751c568e09677d5ec9c
> Author: Stanislav Malyshev <stas@....net>
> Date:   Mon May 9 21:55:29 2016 -0700
> 
>     Fix https://bugs.php.net/bug.php?id=72114 - int/size_t confusion in fread

Use CVE-2016-5096.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
