Date: Sun, 24 Jul 2016 11:06:25 +0300
From: Lior Kaplan <kaplanlior@...il.com>
To: cve-assign@...re.org
Cc: "security@....net" <security@....net>, oss-security@...ts.openwall.com
Subject: Fwd: CVE for PHP 5.5.38 issues

Hi,

PHP 5.5.38 was released over the weekend, with a few security fixes, see the list below (I removed issues that already have a CVE assigned to them).

Source code is at http://git.php.net/?p=php-src.git;a=shortlog;h=refs/tags/php-5.5.38

- Core:
  . Fixed bug #70480 (php_url_parse_ex() buffer overflow read). (Stas)
  . Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (loianhtuan at gmail dot com)
  . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (taoguangchen at icloud dot com)

- EXIF:
  . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (Stas)
  . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (Stas)

- Intl:
  . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)

- SNMP:
  . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (taoguangchen at icloud dot com)

- Xmlrpc:
  . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (Stas)

- Zip:
  . Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (loianhtuan at gmail dot com)

Thanks,
Kaplan