Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 12 Dec 2016 13:00:09 -0500
From: <cve-assign@...re.org>
To: <kaplanlior@...il.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<security@....net>
Subject: Re: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
> Bug #72696    imagefilltoborder stackoverflow on truecolor images
> https://bugs.php.net/bug.php?id=72696
> https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1

Use CVE-2016-9933. The scope of this CVE is only the missing
"color < 0" test in older versions.
https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
is also about comparisons to "im->colorsTotal - 1" - if that's also a
libgd vulnerability fix, and someone wants a CVE ID for that, please
let us know.


> Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
> Bug #73331    NULL Pointer Dereference in WDDX Packet Deserialization with
> PDORow
> https://bugs.php.net/bug.php?id=73331
> https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d

Use CVE-2016-9934. The scope of this CVE is everything fixed by
6045de69c7dedcba3eadf7c4bba424b19c81d00d. We could not immediately
determine whether the new "pdo_row_ce->unserialize =
zend_class_unserialize_deny" line, by itself, could stand as an
independent fix for a subset of the problem.


> Fixed in PHP 5.6.29 and 7.0.14:
> Bug #73631    Invalid read when wddx decodes empty boolean element
> https://bugs.php.net/bug.php?id=73631
> https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0

Use CVE-2016-9935.


> Fixed in PHP 7.0.14 and 7.1.0:
> Bug #72978    Use After Free in PHP7 unserialize()
> https://bugs.php.net/bug.php?id=72978
> https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17

Use CVE-2016-9936. The b2af4e8868726a040234de113436c6e4f6372d17 commit
message is "Complete the fix of bug #70172 for PHP 7." Because 70172
is referenced by CVE-2015-6834, it is possible to say that
CVE-2016-9936 exists because of an incomplete fix for CVE-2015-6834.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYTuTBAAoJEHb/MwWLVhi2tzwQAJNkrZlt5Jz6HNM4QAS4uZgw
TBOaGJXVjJF3DQDyR2jb+wYDnMkCWWON0lTw4pUj1sL8JgmxI+R0cT/eTVIBqyGZ
zyUFzmMSXbt0HQ58Er1v2kZYOnjalD6q8UsME66wO0qVNRDDwpiS93j4yqc42RhH
l1KcO7DjfbOyEIN/ZNzSLKn9L5Sn/bT0paeXdr5TfmqMDzGHwM0V7NgrjmJeJMTt
OteCcYQz+r9vLmvM8Ol8Jlj4f5GZvbB8ClBjNmvhUANyxwZjVQ56a1hP/a+w6aw7
VBTJ9Jpj8SvdBNweTrehLD8e7XwePyN/YuJ8tQ6lhrxL+Xtt6TDt/ug7fpGASoVn
VD93ExsIokXlgHDJ+4Jfqt0h0f7j2F2Ri7yTmpGCxBrBeIYgFJ949Ak+W2u9OJQz
51IEO8hUfYbtLqgRw30ZfW2pqYZQ5z75amlbgfb9qvgtcdxBI14/B+cehqrRXJhK
PbebZHfU/EVb+ZFMJLROsKT5NedrTT5T3oWGaYamRTQm/0Zx0f2YeJT5j/5kJJFz
YfB2IPdU2a/fdg8H3lZuKU8ti4Y/3ySSdzAzRaXK+TIAds7wfkUdKm+C5hgyjGgX
NK7XO/omrEyUsWdvI/4cKuIWb0yjcoLqB5yZWcIzU/D7/RynAmj92s1G8bAO8rga
SJV6zg4FuvvBpDH+1rJJ
=QPcf
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ