Date: Wed, 5 Jul 2017 14:34:28 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org, "security@....net" <security@....net>
Subject: Re: CVE IDs needed for PHP vulnerabilities (affects 5.6.30 and 7.0.20)

Hi

On Wed, Jul 05, 2017 at 02:37:00PM +0300, Lior Kaplan wrote:
> Hi,
> 
> The following issues have been reported and fixed in PHP. At the moment
> they are part of the PHP 7.0.21 release. The fixes are also included in the 5.6
> branch and will be part of 5.6.31 when it is released.
> 
> #73807 Performance problem with processing post request over 2000000 chars
> https://bugs.php.net/bug.php?id=73807
> http://git.php.net/?p=php-src.git;a=commitdiff;h=0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
> 
> #74145 wddx parsing empty boolean tag leads to SIGSEGV
> https://bugs.php.net/bug.php?id=74145
> http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
> http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
> 
> #74651 negative-size-param (-1) in memcpy in zif_openssl_seal()
> https://bugs.php.net/bug.php?id=74651
> http://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6
> 
> #74819 wddx_deserialize() heap out-of-bound read via php_parse_date()
> https://bugs.php.net/bug.php?id=74819
> PHP 5.6 -
> http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
> PHP 7.0  -
> http://git.php.net/?p=php-src.git;a=commitdiff;h=6b18d956de38ecd8913c3d82ce96eb0368a1f9e5
> 
> Also, requests from past releases:
> 
> PHP 5.6.28 + 7.0.13
> #73192 parse_url return wrong hostname
> https://bugs.php.net/bug.php?id=73192
> http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
> 
> 5.6.30 + 7.0.15
> #73773 Seg fault when loading hostile phar
> https://bugs.php.net/bug.php?id=73773
> http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451

CVE assignment requests are not handled anymore directly via the
oss-security list, but need to be filed/requested at
https://cveform.mitre.org/

Once CVEs are assigned, can you repost them here for the benefit of other
readers?

Regards,
Salvatore
