Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 11 Aug 2016 12:49:25 +0200
From: "F. Alonso" <rs@...skills.cz>
To: oss-security@...ts.openwall.com
Cc: CVE ID Requests <cve-assign@...re.org>
Subject: CVE Requests Facebook HHVM

Hi,

The following commits patched several security flaws that I recently
reported to Facebook's complete toolchain for the PHP language, HHVM [1]
version 3.14.2 and 3.14.3.

Could you assing CVEs for those issues?


-Fix out of bounds write access in
mb_detect_encoding, mb_send_mail, mb_detect_order.
https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2

-Fix buffer overrun due to integer overflow in bcmath
https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475

-Fix integer overflow in StringUtil::implode
https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271

-Fix self recursion in compact
https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e

-Fix recursion checks in array_*_recursive
https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69

-Fix infinite recursion in wddx
https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2

[1] https://github.com/facebook/hhvm


Thank you,

-- 

Francisco Alonso.
http://twitter.com/revskills
PGP: 0xE2E64DCA
--

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.