oss-sec mailing list archives
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize()
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 27 May 2015 15:53:31 +0200
On Thu, 9 Apr 2015 10:45:47 +0200 Tomas Hoger wrote:
On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:Hi everyone, I'd like to request a CVE for the PHP Sec Bug #69085. Description: SoapClient's __call() method is prone to a type confusion vulnerability which can be used to gain remote code execution through unsafe unserialize() calls. Info: https://bugs.php.net/bug.php?id=69085Re-sending with cve-assign@ CC.
Yet another re-send. Is there a reason is isn't getting CVE, or explicit response that no CVE will be assigned? Thank you! -- Tomas Hoger / Red Hat Product Security
Current thread:
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger (Apr 09)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger (May 27)
- <Possible follow-ups>
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() cve-assign (Jun 01)