oss-sec mailing list archives
Re: CVE request: issues fixed in PHP 5.6.14 and 5.5.30
From: cve-assign () mitre org
Date: Sat, 10 Oct 2015 13:14:29 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
the changelog for PHP 5.6.14 and 5.5.30 lists these two issues that have a security impact:
Null pointer dereference in phar_get_fp_offset() https://bugs.php.net/bug.php?id=69720
Use CVE-2015-7803.
Uninitialized pointer in phar_make_dirstream when zip entry filename is "/" https://bugs.php.net/bug.php?id=70433
Use CVE-2015-7804. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWGUcBAAoJEL54rhJi8gl5sTgQAK10QPBUELp73MG9/oNZuBvU StOfUjxvuassZxtgqn3w0cnujL2USo4YK0OyJIecurbJSlnb2mFNM9HR6DN5XDXq Z7DxcB3TCjy7tqBCzNTyhtEErs2eEfHJ6nMFXPVznby44hxV8Q6ywfvA0HsWcyfe AFqwM2EwjdB4iulpS2ICRG8Pv86trEO6nulDQAqPJXUQhRQgE/B6P8v9BU5/K9oi mJ8IEq6eYQaQAG8O/pC20tdHRfcxoHmpwmPLGsKSGtg3Xqnsyq5I4Q3PLy9YqI57 73E3B2OQFbCeqmxIOgeP5wxtlB0Ocaa68wthQYBQgD2rzz/AID208EpyIinMRkSB 6vsQYf79LNP92H2ZG7Alua/eNQGkDDhKKLLKd9agi1kosdl5VZEm12OLHBipqytk QZ0hiBwzVbIOIVkWEgcVStJ7j138IIzHzGozH1rCFznmu2WeAYzm/WwuJtRyPiM+ aDV8vPBfT7MlWiPTnA6PtUp3zZAP+0GNSdqKE3Mao+0GTKxaAfL0pvs0f+xjzHJ3 Lil+jiRzCw7taCU6RLrkwBA4qOg6haOE3L7BN7t9QNLDo0dsreSzaNvqSGz9PjY+ 56gxGj5OQrhQPoAEz4L5TFGrEFBXfDO8NO35OpHshHhA84lMxn1DB52gzvvoDfy3 4lbpHx4iI5IZQcJBjVmt =lyc/ -----END PGP SIGNATURE-----
Current thread:
- CVE request: issues fixed in PHP 5.6.14 and 5.5.30 Martin Prpic (Oct 05)
- Re: CVE request: issues fixed in PHP 5.6.14 and 5.5.30 cve-assign (Oct 10)