Date: Thu, 15 Sep 2016 14:44:40 +0300
From: Lior Kaplan <kaplanlior@...il.com>
To: oss-security@...ts.openwall.com
Cc: "security@....net" <security@....net>
Subject: CVE assignment for PHP 5.6.26 and 7.0.11

Hi,

Both PHP versions have been tagged.

Please assign CVEs to the following issues:

PHP 5.6.26 only:

bug #73052 (Memory Corruption in During Deserialized-object Destruction).
https://bugs.php.net/bug.php?id=73052
http://git.php.net/?p=php-src.git;a=commit;h=6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43


PHP 5.6.26 and 7.0.11:

bug #72293 (Heap overflow in mysqlnd related to BIT fields).
https://bugs.php.net/bug.php?id=72293
http://git.php.net/?p=php-src.git;a=commit;h=28f80baf3c53e267c9ce46a2a0fadbb981585132

bug #72860 (wddx_deserialize use-after-free).
https://bugs.php.net/bug.php?id=72860
http://git.php.net/?p=php-src.git;a=commit;h=b88393f08a558eec14964a55d3c680fe67407712

bug #72928 (Out of bound when verify signature of zip phar in
phar_parse_zipfile).
https://bugs.php.net/bug.php?id=72928
http://git.php.net/?p=php-src.git;a=commit;h=0bfb970f43acd1e81d11be1154805f86655f15d5

bug #73007 (add locale length check).
https://bugs.php.net/bug.php?id=73007
http://git.php.net/?p=php-src.git;a=commit;h=6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b

bug #73029 (Missing type check when unserializing SplArray).
https://bugs.php.net/bug.php?id=73029
http://git.php.net/?p=php-src.git;a=commit;h=ecb7f58a069be0dec4a6131b6351a761f808f22e

bug #73065 (Out-Of-Bounds Read in php_wddx_push_element).
https://bugs.php.net/bug.php?id=73065
http://git.php.net/?p=php-src.git;a=commit;h=c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29

Thanks,

Kaplan
