|
Message-Id: <20160505220104.3054F6CC095@smtpvmsrv1.mitre.org> Date: Thu, 5 May 2016 18:01:04 -0400 (EDT) From: cve-assign@...re.org To: carnil@...ian.org Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE Request: PHP: several issues fixed with 7.0.6, 5.6.21 and 5.5.35 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > 1/ bcpowmod accepts negative scale and corrupts _one_ definition > - https://bugs.php.net/bug.php?id=72093 > - https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd >> [2016-04-25 01:31 UTC] stas@....net >> >> Two problems here actually: bcpowmod accepting negative scale and >> _one_ definition being overridden by scale adjustment. Use CVE-2016-4537 for "bcpowmod accepting negative scale." Use CVE-2016-4538 for "_one_ definition being overridden by scale adjustment." > 2/ xml_parse_into_struct segmentation fault > - https://bugs.php.net/bug.php?id=72099 > - https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc >> AddressSanitizer: SEGV on unknown address Use CVE-2016-4539. > 3/ Out-of-bounds reads in zif_grapheme_stripos with negative offset > - https://bugs.php.net/bug.php?id=72061 > - https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb Use CVE-2016-4540 for the grapheme_stripos issue. Use CVE-2016-4541 for the grapheme_strpos issue (separately discovered). > 4/ Out of bounds heap read access in exif header processing > - https://bugs.php.net/bug.php?id=72094 > - https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92 Use CVE-2016-4542 for the issue associated with the spprintf call. Use CVE-2016-4543 for both issues in which "Illegal IFD size" validation was added. Use CVE-2016-4544 for the issue in which "Invalid TIFF start" validation was added. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXK8GIAAoJEHb/MwWLVhi2/LAP/Rilr5fFWad/xntAVEnxwlFG /mTNs7JMK4GMq64DkafJIkWcv96b0/Xbscb6FzpUtiSHvCKjWZKyQjau5nT1Z4mg IlOgEC7CwDFXjPmSBxmhgK4RcjJv/XoHDBOkj8yH0PZ7rLcyGiJrbQ8kWl5t7rvc YJApIajtiK6dRx8B7Ddcdo843Q2IpThPi47/VihSYP8z1IBx5I5uBpQxApVo/AA+ 3Ayucf7+zI0pBGjOOAj0jaKA0n9RI8/6zRId0V8+sE1VQfPfh0809x9KqccWL2FB TE+amquxVA/TRNugemsAy6XRog4WbCD38P2aAa076jW7BQmRw8tOaNFDJzCHGEhj wYmhmIx+dbC6e+yRF5zb4BzZkxRm7uR2Psp8+QBj+BzaT/+6xrlGmjzGJhZhaU1n usSpPTvWaeV1iP4CL6jKVDe18A0/brf2H7snwFjjTv2583PQ9QQLSKRWUNnfq3xX xu+1MTPN/qStwHUUN2DyYLHytDKGBdYkTX867ZGrNIyaFpGKLvKVMrwJijwlWXdU sLiFuDMaZLtzzN5vobpDcSGhtB26f/YDh2dA7BSPPTT1hOzOgwVL9uTX0hldZlcQ hjAkVQ0rNVD8zo+JDxAk3wyphgF5gkb+KSOx+A9zPv5zO5hI/Trb4yygKHeLbGQU 2rDmztzq9xFdHeYEpid1 =z62X -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.