Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 15 Sep 2016 14:44:40 +0300
From: Lior Kaplan <>
Cc: "" <>
Subject: CVE assignment for PHP 5.6.26 and 7.0.11


Both PHP versions have been tagged.

Please assign CVEs to the following issues:

PHP 5.6.26 only:

bug #73052 (Memory Corruption in During Deserialized-object Destruction).;a=commit;h=6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43

PHP 5.6.26 and 7.0.11:

bug #72293 (Heap overflow in mysqlnd related to BIT fields).;a=commit;h=28f80baf3c53e267c9ce46a2a0fadbb981585132

bug #72860 (wddx_deserialize use-after-free).;a=commit;h=b88393f08a558eec14964a55d3c680fe67407712

bug #72928 (Out of bound when verify signature of zip phar in

bug #73007 (add locale length check).;a=commit;h=6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b

bug #73029 (Missing type check when unserializing SplArray).;a=commit;h=ecb7f58a069be0dec4a6131b6351a761f808f22e

bug #73065 (Out-Of-Bounds Read in php_wddx_push_element).;a=commit;h=c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.