oss-sec mailing list archives
Fwd: CVE for PHP 5.5.38 issues
From: Lior Kaplan <kaplanlior () gmail com>
Date: Sun, 24 Jul 2016 11:06:25 +0300
Hi,

PHP 5.5.38 was released over the weekend, with a few security fixes, see list below (I removed issues that already have a CVE assigned to them).

Source code is at http://git.php.net/?p=php-src.git;a=shortlog;h=refs/tags/php-5.5.38

- Core:
  . Fixed bug #70480 (php_url_parse_ex() buffer overflow read). (Stas)
  . Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (loianhtuan at gmail dot com)
  . Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (taoguangchen at icloud dot com)

- EXIF:
  . Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (Stas)
  . Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (Stas)

- Intl:
  . Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)

- SNMP:
  . Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (taoguangchen at icloud dot com)

- Xmlrpc:
  . Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (Stas)

- Zip:
  . Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (loianhtuan at gmail dot com)

Thanks,
Kaplan