oss-sec mailing list archives

Re: CVE request: PHP MOPS-2010-56..60


From: Josh Bressers <bressers () redhat com>
Date: Wed, 30 Jun 2010 14:45:11 -0400 (EDT)

I'm going to leave these for MITRE. They handled all the other MOPS bugs,
it's possible these have IDs and we just don't know.

Thanks.

-- 
    JB


----- "Raphael Geissert" <geissert () debian org> wrote:

Hi,

According to our tracker there are still some MOPS issues that don't
have CVE ids.

More specifically:

60: PHP Session Serializer Session Data Injection Vulnerability
http://svn.php.net/viewvc?view=revision&revision=298608

59: PHP php_mysqlnd_auth_write() Stack Buffer Overflow Vulnerability
http://svn.php.net/viewvc?view=revision&revision=298703

58: PHP php_mysqlnd_read_error_from_line() [Heap] Buffer Overflow Vulnerability
http://svn.php.net/viewvc?view=revision&revision=298703

57: PHP php_mysqlnd_rset_header_read() [Heap] Buffer Overflow Vulnerability
I think this is
http://svn.php.net/viewvc?view=revision&revision=298235

56: PHP php_mysqlnd_ok_read() Information Leak Vulnerability
http://svn.php.net/viewvc?view=revision&revision=298703

Could CVE ids be assigned?

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

