Message-ID: <6e56a280b1e54957ad767f3bc5284e90@imshyb02.MITRE.ORG>
Date: Mon, 12 Dec 2016 13:00:09 -0500
From: <cve-assign@...re.org>
To: <kaplanlior@...il.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>, <security@....net>
Subject: Re: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0

> Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
> Bug #72696 imagefilltoborder stackoverflow on truecolor images
> https://bugs.php.net/bug.php?id=72696
> https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1

Use CVE-2016-9933. The scope of this CVE is only the missing "color < 0" test in older versions. https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e is also about comparisons to "im->colorsTotal - 1" - if that's also a libgd vulnerability fix, and someone wants a CVE ID for that, please let us know.

> Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
> Bug #73331 NULL Pointer Dereference in WDDX Packet Deserialization with
> PDORow
> https://bugs.php.net/bug.php?id=73331
> https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d

Use CVE-2016-9934. The scope of this CVE is everything fixed by 6045de69c7dedcba3eadf7c4bba424b19c81d00d. We could not immediately determine whether the new "pdo_row_ce->unserialize = zend_class_unserialize_deny" line, by itself, could stand as an independent fix for a subset of the problem.

> Fixed in PHP 5.6.29 and 7.0.14:
> Bug #73631 Invalid read when wddx decodes empty boolean element
> https://bugs.php.net/bug.php?id=73631
> https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0

Use CVE-2016-9935.

> Fixed in PHP 7.0.14 and 7.1.0:
> Bug #72978 Use After Free in PHP7 unserialize()
> https://bugs.php.net/bug.php?id=72978
> https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17

Use CVE-2016-9936. The b2af4e8868726a040234de113436c6e4f6372d17 commit message is "Complete the fix of bug #70172 for PHP 7." Because 70172 is referenced by CVE-2015-6834, it is possible to say that CVE-2016-9936 exists because of an incomplete fix for CVE-2015-6834.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]