oss-sec mailing list archives
CVE assignment for PHP 5.6.25 and 7.0.10
From: Lior Kaplan <kaplanlior () gmail com>
Date: Fri, 2 Sep 2016 11:42:31 +0300
Hello Mitre team,

Please consider CVE assignment for the following issues in PHP.

Shared between PHP 5.6.25 and 7.0.10:

Core:
Bug #72663 <https://bugs.php.net/bug.php?id=72663> Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization
Bug #72681 <https://bugs.php.net/bug.php?id=72681> PHP Session Data Injection Vulnerability

GD:
Bug #72697 <https://bugs.php.net/bug.php?id=72697> select_colors write out-of-bounds
Bug #72730 <https://bugs.php.net/bug.php?id=72730> imagegammacorrect allows arbitrary write access

EXIF:
Bug #72627 <https://bugs.php.net/bug.php?id=72627> Memory Leakage In exif_process_IFD_in_TIFF

WDDX:
Bug #72749 <https://bugs.php.net/bug.php?id=72749> wddx_deserialize allows illegal memory access
Bug #72750 <https://bugs.php.net/bug.php?id=72750> wddx_deserialize null dereference
Bug #72790 <https://bugs.php.net/bug.php?id=72790> wddx_deserialize null dereference with invalid xml
Bug #72799 <https://bugs.php.net/bug.php?id=72799> wddx_deserialize null dereference in php_wddx_pop_element

PHP 7.0.10 only:

Core:
Bug #72742 <https://bugs.php.net/bug.php?id=72742> memory allocator fails to realloc small block to large one

cURL:
Bug #72674 <https://bugs.php.net/bug.php?id=72674> Heap overflow in curl_escape

Thanks,
Kaplan