Date: Thu, 11 Aug 2016 12:49:25 +0200
From: "F. Alonso" <rs@...skills.cz>
To: oss-security@...ts.openwall.com
Cc: CVE ID Requests <cve-assign@...re.org>
Subject: CVE Requests Facebook HHVM

Hi,

The following commits patched several security flaws that I recently
reported to Facebook's complete toolchain for the PHP language, HHVM [1]
versions 3.14.2 and 3.14.3.

Could you assign CVEs for those issues?


-Fix out of bounds write access in
mb_detect_encoding, mb_send_mail, mb_detect_order.
https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2

-Fix buffer overrun due to integer overflow in bcmath
https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475

-Fix integer overflow in StringUtil::implode
https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271

-Fix self recursion in compact
https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e

-Fix recursion checks in array_*_recursive
https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69

-Fix infinite recursion in wddx
https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2

[1] https://github.com/facebook/hhvm


Thank you,

-- 

Francisco Alonso.
http://twitter.com/revskills
PGP: 0xE2E64DCA
--
