oss-sec mailing list archives

Re: CVE request: PHP MOPS-2010-56..60


From: Tomas Hoger <thoger () redhat com>
Date: Thu, 19 Aug 2010 15:04:55 +0200

Hi Steven!

This seems to have slipped through the cracks.


On Wed, 30 Jun 2010 11:27:19 -0500 Raphael Geissert wrote:

Hi,

According to our tracker there are still some MOPS issues that don't
have CVE ids.

More specifically:

60: PHP Session Serializer Session Data Injection Vulnerability
http://svn.php.net/viewvc?view=revision&revision=298608

59: PHP php_mysqlnd_auth_write() Stack Buffer Overflow Vulnerability
http://svn.php.net/viewvc?view=revision&revision=298703

58: PHP php_mysqlnd_read_error_from_line() [Heap] Buffer Overflow 
Vulnerability
http://svn.php.net/viewvc?view=revision&revision=298703

57: PHP php_mysqlnd_rset_header_read() [Heap] Buffer Overflow
Vulnerability
I think this is
http://svn.php.net/viewvc?view=revision&revision=298235

56: PHP php_mysqlnd_ok_read() Information Leak Vulnerability
http://svn.php.net/viewvc?view=revision&revision=298703

Could CVE ids be assigned?

-- 
Tomas Hoger / Red Hat Security Response Team

