oss-sec mailing list archives
CVE Requests Facebook HHVM
From: "F. Alonso" <rs () revskills cz>
Date: Thu, 11 Aug 2016 12:49:25 +0200
Hi, The following commits patched several security flaws that I recently reported to Facebook's complete toolchain for the PHP language, HHVM [1] version 3.14.2 and 3.14.3. Could you assing CVEs for those issues? -Fix out of bounds write access in mb_detect_encoding, mb_send_mail, mb_detect_order. https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2 -Fix buffer overrun due to integer overflow in bcmath https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475 -Fix integer overflow in StringUtil::implode https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271 -Fix self recursion in compact https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e -Fix recursion checks in array_*_recursive https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69 -Fix infinite recursion in wddx https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2 [1] https://github.com/facebook/hhvm Thank you, -- Francisco Alonso. http://twitter.com/revskills PGP: 0xE2E64DCA --
Current thread:
- CVE Requests Facebook HHVM F. Alonso (Aug 11)
- Re: CVE Requests Facebook HHVM cve-assign (Aug 18)