Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 15 Sep 2016 14:44:40 +0300
From: Lior Kaplan <>
Cc: "" <>
Subject: CVE assignment for PHP 5.6.26 and 7.0.11


Both PHP versions have been tagged.

Please assign CVEs to the following issues:

PHP 5.6.26 only:

bug #73052 (Memory Corruption in During Deserialized-object Destruction).;a=commit;h=6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43

PHP 5.6.26 and 7.0.11:

bug #72293 (Heap overflow in mysqlnd related to BIT fields).;a=commit;h=28f80baf3c53e267c9ce46a2a0fadbb981585132

bug #72860 (wddx_deserialize use-after-free).;a=commit;h=b88393f08a558eec14964a55d3c680fe67407712

bug #72928 (Out of bound when verify signature of zip phar in

bug #73007 (add locale length check).;a=commit;h=6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b

bug #73029 (Missing type check when unserializing SplArray).;a=commit;h=ecb7f58a069be0dec4a6131b6351a761f808f22e

bug #73065 (Out-Of-Bounds Read in php_wddx_push_element).;a=commit;h=c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ