Date: Thu, 5 May 2016 16:50:31 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Subject: CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35 Hi, With the 7.0.6, 5.6.21 and 5.5.35 PHP releases several issues were fixed, of those at least those four were as well commited to 5.5.35 (only in security-fixes mode) and might warrant a CVE: 1/ bcpowmod accepts negative scale and corrupts _one_ definition - https://bugs.php.net/bug.php?id=72093 - https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd 2/ xml_parse_into_struct segmentation fault - https://bugs.php.net/bug.php?id=72099 - https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc 3/ Out-of-bounds reads in zif_grapheme_stripos with negative offset - https://bugs.php.net/bug.php?id=72061 - https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb 4/ Out of bounds heap read access in exif header processing - https://bugs.php.net/bug.php?id=72094 - https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92 I merely only have checked the php changelogs, but cannot give background on the impact of those. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.