Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath;

[Tomas Hoger <thoger () redhat com>]

On Fri, 17 Jul 2015 15:54:25 +0200 Vasyl Kaigorodov wrote:

> I'd like to request a CVEs for the below issues fixed in PHP 5.5.27
> and 5.4.43 (5.6.x was not affected by those it looks like):
>
> Segfault in Phar::convertToData on invalid file
> https://bugs.php.net/bug.php?id=69958
> http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
>
> Buffer overflow and stack smashing error in phar_fix_filepath
> https://bugs.php.net/bug.php?id=69923
> http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f

Another fix noted in 5.6.11 / 5.5.27 / 5.4.43 is:

Mysqlnd: Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152)

https://bugs.php.net/bug.php?id=69669
http://git.php.net/?p=php-src.git;a=commitdiff;h=97aa752fee61fccdec361279adbfb17a3c60f3f4

It references a CVE that was assigned to MySQL / libmysqlclient.  As
the fix was applied to mysqlnd - re-implementation of the MySQL client
- can the original BACKRONYM CVE still be used here, or is a new CVE
id needed?

Thank you!

-- 
Tomas Hoger / Red Hat Product Security