oss-sec mailing list archives
Re: CVE Request: PHP last release security issues
From: cve-assign () mitre org
Date: Fri, 25 Mar 2016 12:01:48 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
I see a similar bug and fix in the PHP 5.x branch: https://bugs.php.net/bug.php?id=70081 https://git.php.net/?p=php-src.git;a=commitdiff;h=c96d08b27226193dd51f2b50e84272235c6aaa69 Note that the bug was filed in 2015. It was fixed in 5.6.12
Bug 70081 is divided into two parts: "The first problem lies how zend_hash_get_current_key is called" and "Second problem is a few lines later."
Does CVE-2016-3185 cover the issue in 5.x, as well?
The CVE ID for the 5.x issue that was addressed by the https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba code change is CVE-2016-3185. (Ideally, this would've had a CVE-2015-#### number but we're not changing that now.) We have assigned a new ID, CVE-2015-8835, for the "The first problem" section of Bug 70081. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW9WAMAAoJEL54rhJi8gl5qaUQAIxfKaCFTJc+dKpEi5rE5HKL WI3ZrnboUrMbauC2jj4lfXtSLYf2efuVip3ztYzhqwTuoTJrP5+csl4ZcQ1I3ryu zZNhlnAPTYz16x1nX/j+SMlABoXTpt5Om8py3pzXTpjFKK4+Suy200ilHkGEJKp+ SKr76jUkhk9tkjuVSJaLzZKPvCnLK26uLspqgDeEsnRA08NfP37MeXVtxuUMazG3 s+agZdoGBVNmBi0UwpNRYOqnD8mF7YmFkjDP2Rn6HstacgbbmeLQceb2nDPNzNqC okPsxq3UM0mmiOzK7g/I7CmqaYauRG/jHK7Gh53JY1vpDs+PND6qvy/T5omnpB7X Av7cFzHOjmgy0Exl1ByqrSLgXz7jPZv3tNhtb2xaR3+HMF7ZPWXaNVKMl5bNdkDM WEgZv1DAU8jXfJVvx9tmp9qrRHH3Aole2+ezmz3gRHSVbdXZ+YqO+UMwNoe0GDSE w0kka5auFBrBfpljgVBkNmH84+6e+cjQbcxlMasfwo7SE70bgQd+Ro/y0QH0fGbY OrlrHbd/QJ1RlrRUCEShnrcCgMXn/hcK8UGFiFmXC3YIobDwvCjS23ITEHEJN2c1 VcKoZMCcTd7PrpAhwfHc9gCJ5E1pEAcF/XtqLR9xKQSLoUgH23IeV9zr0kYbOQbe veMxkk/NH3vUm6PS15VK =AhMF -----END PGP SIGNATURE-----
Current thread:
- CVE Request: PHP last release security issues Marcus Meissner (Mar 10)
- Re: CVE Request: PHP last release security issues cve-assign (Mar 16)
- Re: Re: CVE Request: PHP last release security issues Tyler Hicks (Mar 22)
- Re: CVE Request: PHP last release security issues cve-assign (Mar 25)
- Re: Re: CVE Request: PHP last release security issues Tyler Hicks (Mar 22)
- Re: CVE Request: PHP last release security issues cve-assign (Mar 16)