oss-sec mailing list archives

Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability

From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 3 Jul 2014 19:36:00 +0200

Hi

Recent PHP updates mention bug #67498 in their changes[1,2]: Fixed bug
#67498 (phpinfo() Type Confusion Information Leak Vulnerability).

Upstream bug is at [3], which does not seem to have a CVE assigned.
(If so, could one be assigned?).

 [1] http://www.php.net/ChangeLog-5.php#5.4.30
 [2] http://www.php.net/ChangeLog-5.php#5.5.14
 [3] https://bugs.php.net/bug.php?id=67498

Thanks in advance,

Regards,
Salvatore

Current thread:

Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Salvatore Bonaccorso (Jul 03)
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Kurt Seifried (Jul 04)
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability cve-assign (Jul 06)
- <Possible follow-ups>
- Re: Possible CVE request: php5: phpinfo() Type Confusion Information Leak Vulnerability Loganaden Velvindron (Jul 06)