oss-sec mailing list archives
Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath;
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 21 Jul 2015 21:51:01 +0200
On Fri, 17 Jul 2015 15:54:25 +0200 Vasyl Kaigorodov wrote:
I'd like to request a CVEs for the below issues fixed in PHP 5.5.27 and 5.4.43 (5.6.x was not affected by those it looks like): Segfault in Phar::convertToData on invalid file https://bugs.php.net/bug.php?id=69958 http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf Buffer overflow and stack smashing error in phar_fix_filepath https://bugs.php.net/bug.php?id=69923 http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
Another fix noted in 5.6.11 / 5.5.27 / 5.4.43 is: Mysqlnd: Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM). (CVE-2015-3152) https://bugs.php.net/bug.php?id=69669 http://git.php.net/?p=php-src.git;a=commitdiff;h=97aa752fee61fccdec361279adbfb17a3c60f3f4 It references a CVE that was assigned to MySQL / libmysqlclient. As the fix was applied to mysqlnd - re-implementation of the MySQL client - can the original BACKRONYM CVE still be used here, or is a new CVE id needed? Thank you! -- Tomas Hoger / Red Hat Product Security
Current thread:
- CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath; Vasyl Kaigorodov (Jul 17)
- Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath; cve-assign (Jul 18)
- Re: CVE request: php - segmentation fault in Phar::convertToData; buffer overflow in phar_fix_filepath; Tomas Hoger (Jul 21)