oss-sec mailing list archives
Re: CVE Requests Facebook HHVM
From: cve-assign () mitre org
Date: Thu, 18 Aug 2016 20:18:41 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
-Fix out of bounds write access in mb_detect_encoding, mb_send_mail, mb_detect_order. https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
Use CVE-2016-6870. The scope of this CVE is all of the incorrect uses of strndup that were fixed in this commit. The commit message references t11337047, which possibly is a bug that was discovered much earlier. However, because we don't know of any earlier public disclosure of t11337047, there isn't a separate CVE ID for t11337047.
-Fix buffer overrun due to integer overflow in bcmath https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
Use CVE-2016-6871.
-Fix integer overflow in StringUtil::implode https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271
Use CVE-2016-6872.
-Fix self recursion in compact https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e
Use CVE-2016-6873.
-Fix recursion checks in array_*_recursive https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69
Use CVE-2016-6874.
-Fix infinite recursion in wddx https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2
Use CVE-2016-6875. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXtk/uAAoJEHb/MwWLVhi2OFwP/Aig7rJ2rCVEyv+/KwDJBC+a ufukAbNgsFbzHChTJxntRrWS3PJt7DKkZ4a2wlPzdUd4rQKGFObmMMm4OIWw2xaj TiBngAelDRJNDNP/ZmkEySj9RGS33UMg+6QnI5pOFI3r7uXIqBau+cjIyq3diqUC NFlaiFy2TcIb82bYRET3r4SIk8019uaP2rfN5CDLKuNPpYIM3d/Xo0490MwufTHh QyTiFtFDwsZdtCQz5wFR949Lt+B6rEFdhzYDaqjJr9We6POxvy799/8LUI2UGtwN P6UiCzS1o/ybx6QCh+Lx7wDNBuT/3t0aeFhWx1FJuFodtF9yiILMxD4BpaARlnva 4Nv/+TNhCmcGGLyE3wCrcAVeCX/QcsAaM9fXYVGy2SuqRmljW7sQIhpkaCIzQCwq EEGCZMeqPBZ1pMlIJgKmWa0PvKfkv0nDtNhQqNN57hS3YcePE8rShO7+/HYRQaYL zMe8u6OWVZr432Iwcia1Zjxnmi6ix1g3Ua8gz8oWAGrvw5/6T0gEzRyz+OB79+y+ 3OKeE/GDQA/aVRutZciQrrHT30uzkgwtoAQdafur5Cna0cEqRQnclcwFxUfPdpr4 qJJFWH2vmPncge0xx2auUaDv8+7OBOonUvlmEWIfowSdg66D0Qm6EyqN6UNZqm5a tVSy0zt3nnIATS36SGDd =tBiw -----END PGP SIGNATURE-----
Current thread:
- CVE Requests Facebook HHVM F. Alonso (Aug 11)
- Re: CVE Requests Facebook HHVM cve-assign (Aug 18)