Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 10 Mar 2015 10:16:26 -0400 (EDT)
From: Francisco Alonso <falonsoe@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request: PHP 5.6.6 changelog

Hi,

Could a CVE be please assigned to the following issues? [3] (in case it was
not requested to MITRE before):

[1] PHP: heap buffer overflow in enchant_broker_request_dict() :
https://bugs.php.net/bug.php?id=68552
http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
https://bugzilla.redhat.com/show_bug.cgi?id=1194737


[2] PHP: Double free with disabled ZMM:
https://bugs.php.net/bug.php?id=68827
http://git.php.net/?p=php-src.git;a=commit;h=91aa340180eccfc15d4a143b54d47b8120f898be
https://bugzilla.redhat.com/show_bug.cgi?id=1194741


[3] PHP: use after free in phar_object.c
https://bugs.php.net/bug.php?id=68901
http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
https://bugzilla.redhat.com/show_bug.cgi?id=1194747


Thank you

Francisco Alonso / Red Hat Product Security
PGP: 0xA026440E 0825 020C 7A5A 4F86 9038  B1C8 5562 688F A026 440E

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.