oss-sec mailing list archives
CVE Request (PHP)
From: Josh Bressers <bressers () redhat com>
Date: Fri, 02 May 2008 11:02:02 -0400
So as some may have noticed, PHP 5.2.6 is out. Most of the flaws noted in the changelog have CVE ids, so here is the list:

* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
  http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/fastcgi.c?r1=1.44&r2=1.45&diff_format=u

* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. (CVE-2008-1384)
  http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u

* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
  http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u

* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. (CVE-2007-4850)

* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
  http://cvs.php.net/viewvc.cgi/php-src/ext/standard/exec.c?r1=1.113.2.3.2.1.2.3&r2=1.113.2.3.2.1.2.4&diff_format=u

* Upgraded bundled PCRE to version 7.6 (fixes CVE-2008-0674)

Only two seem to need CVE ids:

* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.

* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.

Steve, can you help out.

Thanks.

--
JB