Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath;

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Segfault in Phar::convertToData on invalid file
> https://bugs.php.net/bug.php?id=69958
> http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf

> -               php_stream_close(phar->fp);
> +               if (phar->fp) {
> +                       php_stream_close(phar->fp);
> +               }

Use CVE-2015-5589.


> Buffer overflow and stack smashing error in phar_fix_filepath
> https://bugs.php.net/bug.php?id=69923
> http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f

> there is no check if `newpath_len` will exceed MAXPATHLEN, which is
> the size of `newpath` on the stack.

Use CVE-2015-5590.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVqi70AAoJEKllVAevmvms/54H/RRluc6ErkmkBrq+DtmbGUqj
YsL8AvL2GFn82tiEqsGs9+BaE9NSFYZv7Cg7fgmlWYL2TcEq6D94I1MbmaaSG9O9
R/ogWm4XWMDbeNruDGsb3y2GEvzzgdSxuDsgSKOBcR7pzw0RYIribeJM6hwfbQ9Q
dG9POpslHu6fTGq7tYpTY/p5fBjuDz176AcpIzdh6hm/GvvNaNvr/cgx7ZXtaGN7
53Pqi+4YwbZbIbx4a1O4MHBmbnShbTEhhVRwvXLLwhAcvNwxocDJBLoiiYbunEVi
70bgzyiBmqSj1qYN+wp6fnUdHBloyer7Jw37bZhmU7hRGBlzh6KTE7GaODUBnE4=
=OZOY
-----END PGP SIGNATURE-----