Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 11 Aug 2016 12:49:25 +0200
From: "F. Alonso" <>
Cc: CVE ID Requests <>
Subject: CVE Requests Facebook HHVM


The following commits patched several security flaws that I recently
reported to Facebook's complete toolchain for the PHP language, HHVM [1]
version 3.14.2 and 3.14.3.

Could you assing CVEs for those issues?

-Fix out of bounds write access in
mb_detect_encoding, mb_send_mail, mb_detect_order.

-Fix buffer overrun due to integer overflow in bcmath

-Fix integer overflow in StringUtil::implode

-Fix self recursion in compact

-Fix recursion checks in array_*_recursive

-Fix infinite recursion in wddx


Thank you,


Francisco Alonso.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ