Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Dec 2016 12:13:45 +0200
From: Lior Kaplan <kaplanlior@...il.com>
To: cve-assign@...re.org
Cc: "security@....net" <security@....net>, oss-security@...ts.openwall.com
Subject: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0

Hi,

Please assign a CVE for the following issues:

Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
Bug #72696    imagefilltoborder stackoverflow on truecolor images
https://bugs.php.net/bug.php?id=72696
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1


Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
Bug #73331    NULL Pointer Dereference in WDDX Packet Deserialization with
PDORow
https://bugs.php.net/bug.php?id=73331
https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d


Fixed in PHP 5.6.29 and 7.0.14:
Bug #73631    Invalid read when wddx decodes empty boolean element
https://bugs.php.net/bug.php?id=73631
https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0


Fixed in PHP 7.0.14 and 7.1.0:
Bug #72978    Use After Free in PHP7 unserialize()
https://bugs.php.net/bug.php?id=72978
https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17


Kaplan

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ