oss-sec mailing list archives
Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 21 Apr 2016 19:42:20 +0200
Hi, On Mon, Apr 11, 2016 at 09:41:41PM +0200, Matthias Geerdsen wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, could you please provide CVE IDs for the following PHP issues fixed in the latest releases, as I have not yet seen any IDs yet: - - Buffer over-write in finfo_open with malformed magic file https://bugs.php.net/bug.php?id=71527 http://bugs.gw.com/view.php?id=522 - - Integer overflow in php_raw_url_encode https://bugs.php.net/bug.php?id=71798 https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c 1661db6ba2c451 - - php_snmp_error() Format String Vulnerability https://bugs.php.net/bug.php?id=71704 https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060 ce9c9269bbdcf8 - - Invalid memory write in phar on filename containing \0 inside name https://bugs.php.net/bug.php?id=71860 https://gist.github.com/smalyshev/80b5c2909832872f2ba2 - - AddressSanitizer: negative-size-param (-1) in mbfl_strcut https://bugs.php.net/bug.php?id=71906 https://gist.github.com/smalyshev/d8355c96a657cc5dba70
Can CVE identiers be assigned for those? The recent Ubuntu USN 2952-1 as well fixed some other issues without CVE identifers, cf. http://www.ubuntu.com/usn/usn-2952-1/ Regards, Salvatore
Attachment:
signature.asc
Description:
Current thread:
- CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Matthias Geerdsen (Apr 11)
- Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Salvatore Bonaccorso (Apr 21)
- Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Marc Deslauriers (Apr 21)
- Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases cve-assign (Apr 23)
- Re: CVE request: PHP issues fixed in 7.0.5, 5.6.20 and 5.5.34 releases Salvatore Bonaccorso (Apr 21)