Date: Wed, 4 Feb 2015 19:53:36 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request: PHP/file: out-of-bounds memory access in softmagic

Hi,
please assign a CVE ID for this issue in file (and in the respective
PHP extension):

Originally reported in file:
Bug report: http://bugs.gw.com/view.php?id=398
Fix: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158

A slightly modified version is also present in PHP (it should receive
the same CVE ID):
Bug report: https://bugs.php.net/bug.php?id=68735
Fix: https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079

We've already fixed these in Debian updates (but CVE IDs weren't available
back then):

file: https://lists.debian.org/debian-security-announce/2015/msg00003.html
php5: https://lists.debian.org/debian-security-announce/2015/msg00008.html

Cheers,
        Moritz
        
