oss-sec mailing list archives
Three CVE requests for PHP
From: Moritz Muehlenhoff <jmm () debian org>
Date: Wed, 16 Mar 2016 21:50:50 +0100
Hi,
please assign CVE IDs (these need to be CVE-2015-XXXX) for these vulnerabilities fixed in the PHP implementations by php.net and HHVM. These are all fixed in PHP 5.6.13, PHP 5.5.29, PHP 5.4.45 and HHVM 3.12.1.

1. Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes
https://bugs.php.net/bug.php?id=70385
https://github.com/facebook/hhvm/commit/06f3fc8091d8da793552db0e4d9a0d4add9c0bcc

2. ZipArchive::extractTo allows for directory traversal when creating directories
https://bugs.php.net/bug.php?id=70350
https://github.com/facebook/hhvm/commit/65c95a01541dd2fbc9c978ac53bed235b5376686

3. HAVAL gives wrong hashes in specific cases
https://bugs.php.net/bug.php?id=70312
https://github.com/facebook/hhvm/commit/918b174fa1e9924a9ecaecb08efcfdcab3db6151

Cheers,
Moritz