Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 May 2016 10:51:15 +0300
From: Lior Kaplan <kaplanlior@...il.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Fwd: CVE for PHP 5.5.36 issues

Hi,

Please assign CVE for the following issues, expected to be part of PHP
5.5.36
Code at http://git.php.net/?p=php-src.git;a=shortlog;h=refs/heads/PHP-5.5

#72227 is a backport from upstream, so we'd prefer to reuse their CVE (if
already exists).
#72135 and 72114 are PHP 5.x only bugs.

Thanks,

Kaplan

---------- Forwarded message ----------
From: Lior Kaplan <kaplanlior@...il.com>
Date: Wed, May 25, 2016 at 12:55 AM
Subject: CVE for PHP 5.5.36 issues ?
To: "security@....net" <security@....net>

Following my mail bellow from last week, these are the issues which got
fixed in the security repository for PHP 5.5.

commit 7a1aac3343af85b4af4df5f8844946eaa27394ab
Author: Stanislav Malyshev <stas@....net>
Date:   Mon May 23 00:28:02 2016 -0700

    Fixed bug #72227: imagescale out-of-bounds read

    Ported from
https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a

commit 97eff7eb57fc2320c267a949cffd622c38712484
Author: Stanislav Malyshev <stas@....net>
Date:   Sun May 22 17:49:02 2016 -0700

    Fix bug #72241: get_icu_value_internal out-of-bounds read

commit 0da8b8b801f9276359262f1ef8274c7812d3dfda
Author: Stanislav Malyshev <stas@....net>
Date:   Sun May 15 23:26:51 2016 -0700

    Fix bug #72135 - don't create strings with lengths outside int range

commit abd159cce48f3e34f08e4751c568e09677d5ec9c
Author: Stanislav Malyshev <stas@....net>
Date:   Mon May 9 21:55:29 2016 -0700

    Fix bug #72114 - int/size_t confusion in fread

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.