Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 11 Aug 2016 12:49:25 +0200
From: "F. Alonso" <>
Cc: CVE ID Requests <>
Subject: CVE Requests Facebook HHVM


The following commits patched several security flaws that I recently
reported to Facebook's complete toolchain for the PHP language, HHVM [1]
version 3.14.2 and 3.14.3.

Could you assing CVEs for those issues?

-Fix out of bounds write access in
mb_detect_encoding, mb_send_mail, mb_detect_order.

-Fix buffer overrun due to integer overflow in bcmath

-Fix integer overflow in StringUtil::implode

-Fix self recursion in compact

-Fix recursion checks in array_*_recursive

-Fix infinite recursion in wddx


Thank you,


Francisco Alonso.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.