Date: Mon, 12 Dec 2016 12:13:45 +0200
From: Lior Kaplan <kaplanlior@...il.com>
To: cve-assign@...re.org
Cc: "security@....net" <security@....net>, oss-security@...ts.openwall.com
Subject: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0

Hi,

Please assign a CVE for the following issues:

Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
Bug #72696    imagefilltoborder stackoverflow on truecolor images
https://bugs.php.net/bug.php?id=72696
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1


Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
Bug #73331    NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
https://bugs.php.net/bug.php?id=73331
https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d


Fixed in PHP 5.6.29 and 7.0.14:
Bug #73631    Invalid read when wddx decodes empty boolean element
https://bugs.php.net/bug.php?id=73631
https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0


Fixed in PHP 7.0.14 and 7.1.0:
Bug #72978    Use After Free in PHP7 unserialize()
https://bugs.php.net/bug.php?id=72978
https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17


Kaplan
