oss-sec mailing list archives

Re: Re: CVE Request: Double Free in PHP

From: Joshua Rogers <oss () internot info>
Date: Tue, 30 Dec 2014 06:38:44 +1100

Hi,
On 30/12/14 03:36, cve-assign () mitre org wrote:

I found a double-free in PHP: https://bugs.php.net/bug.php?id=68676


And it has been patched in the following commits:

http://git.php.net/?p=php-src.git;a=commit;h=2bcf69d073190e4f032d883f3416dea1b027a39e
http://git.php.net/?p=php-src.git;a=commit;h=24125f0f26f3787c006e4a51611ba33ee3b841cb
http://git.php.net/?p=php-src.git;a=commit;h=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6

Use CVE-2014-9425.

I found in total I believe 5(don't quote me on that)
double-free's/use-after-frees/invalid-free's in PHP. Should I use the
same CVE-ID for all of them?


Thanks,
-- 
-- Joshua Rogers <https://internot.info/>

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE Request: Double Free in PHP Joshua Rogers (Dec 29)
- Re: CVE Request: Double Free in PHP cve-assign (Dec 29)
  - Re: Re: CVE Request: Double Free in PHP Joshua Rogers (Dec 29)
    - Re: CVE Request: Double Free in PHP cve-assign (Dec 29)
    - Re: Re: CVE Request: Double Free in PHP Joshua Rogers (Dec 29)