oss-sec mailing list archives

Re: Re: CVE Request: various issues in PHP

From: Tomas Hoger <thoger () redhat com>
Date: Mon, 15 Jun 2015 14:39:33 +0200

On Fri, 29 May 2015 17:07:51 +0200 Tomas Hoger wrote:

I think there are few fixes in 5.4.40 / 5.5.24 / 5.6.8 that should have
CVEs assigned:


https://bugs.php.net/bug.php?id=69353
http://git.php.net/?p=php-src.git;a=commitdiff;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80

More CVE-2015-4025 / CVE-2015-4026 / CVE-2006-7243 like issues.  More
notes on what got changed is in RHBZ:
https://bugzilla.redhat.com/show_bug.cgi?id=1213407#c5


https://bugs.php.net/bug.php?id=69152
http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4
http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1

More unserialize issues.


https://bugs.php.net/bug.php?id=68819
http://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd

Fileinfo DoS.


Can CVEs be assigned for these?  Thank you!


Re-send this CVE request.

-- 
Tomas Hoger / Red Hat Product Security

Current thread:

Re: CVE Request: various issues in PHP Lior Kaplan (May 18)
- Re: Re: CVE Request: various issues in PHP Vasyl Kaigorodov (May 20)
  - Re: Re: CVE Request: various issues in PHP Tomas Hoger (May 29)
    - Re: Re: CVE Request: various issues in PHP Tomas Hoger (Jun 15)
    - Re: CVE Request: various issues in PHP cve-assign (Jun 16)
    - Re: Re: CVE Request: various issues in PHP Tomas Hoger (Jun 18)
    - Re: CVE Request: various issues in PHP cve-assign (Jun 18)
    - Re: CVE Request: various issues in PHP cve-assign (Jun 18)