oss-sec mailing list archives
Re: CVE for PHP 5.5.37 issues
From: cve-assign () mitre org
Date: Thu, 23 Jun 2016 08:29:29 -0400 (EDT)
- GD: Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)
https://bugs.php.net/bug.php?id=72339
http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac

Use CVE-2016-5766.

- GD: Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre)
https://bugs.php.net/bug.php?id=72446
http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6

Use CVE-2016-5767.

- mbstring: Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
https://bugs.php.net/bug.php?id=72402
http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62

Use CVE-2016-5768.

- mcrypt: Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
https://bugs.php.net/bug.php?id=72455
http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0

Use CVE-2016-5769 for both the mcrypt_generic issue and the mdecrypt_generic issue.

- SPL: Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
https://bugs.php.net/bug.php?id=72262
http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba

Use CVE-2016-5770.

- SPL: Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)
https://bugs.php.net/bug.php?id=72433
http://git.php.net/?p=php-src.git;a=commitdiff;h=3f627e580acfdaf0595ae3b115b8bec677f203ee

Use CVE-2016-5771. Note that, unlike bug #72434, this does not affect PHP 7.x.

- WDDX: Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
https://bugs.php.net/bug.php?id=72340
http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c

Use CVE-2016-5772.

- zip: Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)
https://bugs.php.net/bug.php?id=72434
http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6

Use CVE-2016-5773. Note that, unlike bug #72433, this does affect PHP 7.x.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]