oss-sec mailing list archives
CVE assignment for PHP 5.6.26 and 7.0.11
From: Lior Kaplan <kaplanlior () gmail com>
Date: Thu, 15 Sep 2016 14:44:40 +0300
Hi,

Both PHP versions have been tagged. Please assign CVEs to the following issues:

PHP 5.6.26 only:

bug #73052 (Memory Corruption in During Deserialized-object Destruction).
https://bugs.php.net/bug.php?id=73052
http://git.php.net/?p=php-src.git;a=commit;h=6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43

PHP 5.6.26 and 7.0.11:

bug #72293 (Heap overflow in mysqlnd related to BIT fields).
https://bugs.php.net/bug.php?id=72293
http://git.php.net/?p=php-src.git;a=commit;h=28f80baf3c53e267c9ce46a2a0fadbb981585132

bug #72860 (wddx_deserialize use-after-free).
https://bugs.php.net/bug.php?id=72860
http://git.php.net/?p=php-src.git;a=commit;h=b88393f08a558eec14964a55d3c680fe67407712

bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile).
https://bugs.php.net/bug.php?id=72928
http://git.php.net/?p=php-src.git;a=commit;h=0bfb970f43acd1e81d11be1154805f86655f15d5

bug #73007 (add locale length check).
https://bugs.php.net/bug.php?id=73007
http://git.php.net/?p=php-src.git;a=commit;h=6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b

bug #73029 (Missing type check when unserializing SplArray).
https://bugs.php.net/bug.php?id=73029
http://git.php.net/?p=php-src.git;a=commit;h=ecb7f58a069be0dec4a6131b6351a761f808f22e

bug #73065 (Out-Of-Bounds Read in php_wddx_push_element).
https://bugs.php.net/bug.php?id=73065
http://git.php.net/?p=php-src.git;a=commit;h=c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29

Thanks,
Kaplan