Date: Thu, 11 Aug 2016 12:49:25 +0200 From: "F. Alonso" <rs@...skills.cz> To: oss-security@...ts.openwall.com Cc: CVE ID Requests <cve-assign@...re.org> Subject: CVE Requests Facebook HHVM Hi, The following commits patched several security flaws that I recently reported to Facebook's complete toolchain for the PHP language, HHVM  version 3.14.2 and 3.14.3. Could you assing CVEs for those issues? -Fix out of bounds write access in mb_detect_encoding, mb_send_mail, mb_detect_order. https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2 -Fix buffer overrun due to integer overflow in bcmath https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475 -Fix integer overflow in StringUtil::implode https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271 -Fix self recursion in compact https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e -Fix recursion checks in array_*_recursive https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69 -Fix infinite recursion in wddx https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2  https://github.com/facebook/hhvm Thank you, -- Francisco Alonso. http://twitter.com/revskills PGP: 0xE2E64DCA --
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.