Date: Fri, 29 May 2015 17:07:51 +0200 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: <kaplanlior@...il.com>, <security@....net>, cve-assign@...re.org Subject: Re: Re: CVE Request: various issues in PHP On Wed, 20 May 2015 15:49:34 +0200 Vasyl Kaigorodov wrote: > > >> https://bugs.php.net/bug.php?id=69418, > > >> https://bugs.php.net/bug.php?id=68598 - various functions allow > > >> \0 in paths where they shouldn't. In theory, that could lead to > > >> security failure for path-based access controls if the user > > >> injects string with \0 in it. It's a bit theoretical, but it's a > > >> possibility. > > CVE-2015-4025, CVE-2015-4026 respectively. Both of these CVEs are addressed in a single commit, that also covers few other functions not mentioned in either of the two bug reports (dir()/opendir() and chroot()). Which CVE do those additional fixes fall under? They are not 5.4 regressions, so probably not CVE-2015-4025, but maybe not under CVE-2015-4026 either given that bug 68598 only mentions pcntl_exec(). I think there are few fixes in 5.4.40 / 5.5.24 / 5.6.8 that should have CVEs assigned: https://bugs.php.net/bug.php?id=69353 http://git.php.net/?p=php-src.git;a=commitdiff;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80 More CVE-2015-4025 / CVE-2015-4026 / CVE-2006-7243 like issues. More notes on what got changed is in RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1213407#c5 https://bugs.php.net/bug.php?id=69152 http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4 http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 More unserialize issues. https://bugs.php.net/bug.php?id=68819 http://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd Fileinfo DoS. Can CVEs be assigned for these? Thank you! -- Tomas Hoger / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.