oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: PHP MOPS-2010-56..60

From: Pierre Joye <pierre.php () gmail com>
Date: Mon, 23 Aug 2010 16:24:53 +0200
hi,

Can you send me a list of the MOPS CVE please? I'm missing some and I
would like to update the NEWS file accordingly.

Cheers,

On Fri, Aug 20, 2010 at 6:59 PM, Steven M. Christey
<coley () linus mitre org> wrote:


Apologies to everyone, especially Moritz who pinged me on this privately a
while ago.

Some of these CVEs are SPLIT based on very narrow distinctions between types
of buffer overflows, where others might have merged.  This is one area where
there can be some variability in CVE assignments depending on the amount of
available information.


CVE-2010-3062

 - MOPS-2010-056, MOPS-2010-057
 - buffer overflow with untrusted length

CVE-2010-3063

 - MOPS-2010-058
 - buffer overflow with calculation error

CVE-2010-3064

 - MOPS-2010-059
 - classic overflow

CVE-2010-3065
 - MOPS-2010-060
 - session deserializer data injection



- Steve





-- 
Pierre

@pierrejoye | http://blog.thepimp.net | http://www.libgd.org
Previous By Date Next
Previous By Thread Next

Current thread: