Date: Mon, 12 Dec 2016 13:00:09 -0500
From: <cve-assign@...re.org>
To: <kaplanlior@...il.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>,
	<security@....net>
Subject: Re: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
> Bug #72696    imagefilltoborder stackoverflow on truecolor images
> https://bugs.php.net/bug.php?id=72696
> https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1

Use CVE-2016-9933. The scope of this CVE is only the missing
"color < 0" test in older versions.
https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e
is also about comparisons to "im->colorsTotal - 1" - if that's also a
libgd vulnerability fix, and someone wants a CVE ID for that, please
let us know.


> Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
> Bug #73331    NULL Pointer Dereference in WDDX Packet Deserialization with
> PDORow
> https://bugs.php.net/bug.php?id=73331
> https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d

Use CVE-2016-9934. The scope of this CVE is everything fixed by
6045de69c7dedcba3eadf7c4bba424b19c81d00d. We could not immediately
determine whether the new "pdo_row_ce->unserialize =
zend_class_unserialize_deny" line, by itself, could stand as an
independent fix for a subset of the problem.


> Fixed in PHP 5.6.29 and 7.0.14:
> Bug #73631    Invalid read when wddx decodes empty boolean element
> https://bugs.php.net/bug.php?id=73631
> https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0

Use CVE-2016-9935.


> Fixed in PHP 7.0.14 and 7.1.0:
> Bug #72978    Use After Free in PHP7 unserialize()
> https://bugs.php.net/bug.php?id=72978
> https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17

Use CVE-2016-9936. The b2af4e8868726a040234de113436c6e4f6372d17 commit
message is "Complete the fix of bug #70172 for PHP 7." Because 70172
is referenced by CVE-2015-6834, it is possible to say that
CVE-2016-9936 exists because of an incomplete fix for CVE-2015-6834.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
