Date: Wed, 4 Feb 2015 19:53:36 +0100 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: CVE Request: PHP/file: out-of-bounds memory access in softmagic Hi, please assign a CVE ID for this issue in file (and in the respective PHP extension): Originally reported in file: Bug report: http://bugs.gw.com/view.php?id=398 Fix: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158 A slightly modified version is also present in PHP (it should receive the same CVE ID): Bug report: https://bugs.php.net/bug.php?id=68735 Fix: https://bugs.php.net/patch-display.php?bug=68735&patch=bug68735.patch&revision=1420309079 We've already fixed these in Debian updates (but CVE IDs haven't been available back then): file: https://lists.debian.org/debian-security-announce/2015/msg00003.html php5: https://lists.debian.org/debian-security-announce/2015/msg00008.html Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.