oss-sec mailing list archives
CVE for PHP 5.5.37 issues
From: Lior Kaplan <kaplanlior () gmail com>
Date: Thu, 23 Jun 2016 10:58:34 +0300
Hi,

PHP 5.5.37 is near its release, please review these following issues for CVE:

GD:
  . Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)
https://bugs.php.net/bug.php?id=72339
http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac

GD:
  . Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre)
https://bugs.php.net/bug.php?id=72446
http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6

- mbstring:
  . Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)
https://bugs.php.net/bug.php?id=72402
http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62

- mcrypt:
  . Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
https://bugs.php.net/bug.php?id=72455
http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0

- SPL:
  . Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
https://bugs.php.net/bug.php?id=72262
http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba

- SPL:
  . Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)
https://bugs.php.net/bug.php?id=72433
http://git.php.net/?p=php-src.git;a=commitdiff;h=3f627e580acfdaf0595ae3b115b8bec677f203ee

- WDDX:
  . Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
https://bugs.php.net/bug.php?id=72340
http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c

- zip:
  . Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)
https://bugs.php.net/bug.php?id=72434
http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6

Kaplan