oss-sec mailing list archives

CVE request: PHP MOPS-2010-56..60

From: Raphael Geissert <geissert () debian org>
Date: Wed, 30 Jun 2010 11:27:19 -0500

Hi,

According to our tracker there are still some MOPS issues that don't have 
CVE ids.

More specifically:

60: PHP Session Serializer Session Data Injection Vulnerability

http://svn.php.net/viewvc?view=revision&revision=298608

59: PHP php_mysqlnd_auth_write() Stack Buffer Overflow Vulnerability

http://svn.php.net/viewvc?view=revision&revision=298703

58: PHP php_mysqlnd_read_error_from_line() [Heap] Buffer Overflow

Vulnerability
http://svn.php.net/viewvc?view=revision&revision=298703

57 PHP php_mysqlnd_rset_header_read() [Heap] Buffer Overflow Vulnerability

I think this is http://svn.php.net/viewvc?view=revision&revision=298235

56 PHP php_mysqlnd_ok_read() Information Leak Vulnerability

http://svn.php.net/viewvc?view=revision&revision=298703

Could CVE ids be assigned?

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Current thread:

CVE request: PHP MOPS-2010-56..60 Raphael Geissert (Jun 30)
- Re: CVE request: PHP MOPS-2010-56..60 Josh Bressers (Jun 30)