Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 15 Sep 2016 14:44:40 +0300
From: Lior Kaplan <kaplanlior@...il.com>
To: oss-security@...ts.openwall.com
Cc: "security@....net" <security@....net>
Subject: CVE assignment for PHP 5.6.26 and 7.0.11

Hi,

Both PHP versions have been tagged.

Please assign CVEs to the following issues:

PHP 5.6.26 only:

bug #73052 (Memory Corruption in During Deserialized-object Destruction).
https://bugs.php.net/bug.php?id=73052
http://git.php.net/?p=php-src.git;a=commit;h=6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43


PHP 5.6.26 and 7.0.11:

bug #72293 (Heap overflow in mysqlnd related to BIT fields).
https://bugs.php.net/bug.php?id=72293
http://git.php.net/?p=php-src.git;a=commit;h=28f80baf3c53e267c9ce46a2a0fadbb981585132

bug #72860 (wddx_deserialize use-after-free).
https://bugs.php.net/bug.php?id=72860
http://git.php.net/?p=php-src.git;a=commit;h=b88393f08a558eec14964a55d3c680fe67407712

bug #72928 (Out of bound when verify signature of zip phar in
phar_parse_zipfile).
https://bugs.php.net/bug.php?id=72928
http://git.php.net/?p=php-src.git;a=commit;h=0bfb970f43acd1e81d11be1154805f86655f15d5

bug #73007 (add locale length check).
https://bugs.php.net/bug.php?id=73007
http://git.php.net/?p=php-src.git;a=commit;h=6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b

bug #73029 (Missing type check when unserializing SplArray).
https://bugs.php.net/bug.php?id=73029
http://git.php.net/?p=php-src.git;a=commit;h=ecb7f58a069be0dec4a6131b6351a761f808f22e

bug #73065 (Out-Of-Bounds Read in php_wddx_push_element).
https://bugs.php.net/bug.php?id=73065
http://git.php.net/?p=php-src.git;a=commit;h=c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29

Thanks,

Kaplan

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ