Date: Thu, 11 Aug 2016 12:49:25 +0200
From: "F. Alonso" <rs@...skills.cz>
To: oss-security@...ts.openwall.com
Cc: CVE ID Requests <cve-assign@...re.org>
Subject: CVE Requests Facebook HHVM

Hi,

The following commits patched several security flaws that I recently reported to Facebook's complete toolchain for the PHP language, HHVM version 3.14.2 and 3.14.3.

Could you assign CVEs for those issues?

-Fix out of bounds write access in mb_detect_encoding, mb_send_mail, mb_detect_order.
https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2

-Fix buffer overrun due to integer overflow in bcmath
https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475

-Fix integer overflow in StringUtil::implode
https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271

-Fix self recursion in compact
https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e

-Fix recursion checks in array_*_recursive
https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69

-Fix infinite recursion in wddx
https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2

https://github.com/facebook/hhvm

Thank you,

--
Francisco Alonso.
http://twitter.com/revskills
PGP: 0xE2E64DCA
--