Date: Sun, 24 Jul 2016 11:06:25 +0300
From: Lior Kaplan <>
Cc: "" <>,
Subject: Fwd: CVE for PHP 5.5.38 issues


PHP 5.5.38 was released over the weekend, with a few security fixes, see
list below (I removed issues that already have a CVE assigned to them).

Source code is at;a=shortlog;h=refs/tags/php-5.5.38

- Core:
   . Fixed bug #70480 (php_url_parse_ex() buffer overflow read). (Stas)
   . Fixed bug #72513 (Stack-based buffer overflow vulnerability in
     virtual_file_ex). (loianhtuan at gmail dot com)
   . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session
     Deserialization). (taoguangchen at icloud dot com)

   . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
   . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).

- Intl:
   . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)

   . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and
     unserialize()). (taoguangchen at icloud dot com)

- Xmlrpc:
   . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn

- Zip:
   . Fixed bug #72520 (Stack-based buffer overflow vulnerability in
     php_stream_zip_opener). (loianhtuan at gmail dot com)


