oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE assignment for PHP 5.6.26 and 7.0.11

From: cve-assign () mitre org
Date: Thu, 15 Sep 2016 12:57:16 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


bug #73052 (Memory Corruption in During Deserialized-object Destruction).
https://bugs.php.net/bug.php?id=73052
https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1


Use CVE-2016-7411.



bug #72293 (Heap overflow in mysqlnd related to BIT fields).
https://bugs.php.net/bug.php?id=72293
https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1


Use CVE-2016-7412.



bug #72860 (wddx_deserialize use-after-free).
https://bugs.php.net/bug.php?id=72860
https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1


Use CVE-2016-7413.



bug #72928 (Out of bound when verify signature of zip phar in
phar_parse_zipfile).
https://bugs.php.net/bug.php?id=72928
https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1


Use CVE-2016-7414.



bug #73007 (add locale length check).
https://bugs.php.net/bug.php?id=73007
https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1


The related upstream code can be found in the
http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp
file.

What we will do for now is assign one CVE ID for the "ICU for C/C++"
product and a separate CVE ID for PHP. In other words, the bug #73007
discoverer has indicated that it is a bug in that ICU product.
However, it is a bug at a different level within the PHP distribution,
because 6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b implies that PHP is
intended to operate safely even with an unpatched copy of the ICU
library.

Use CVE-2016-7415 for ICU for C/C++.

Use CVE-2016-7416 for PHP.

(If there happens to be further information indicating that locid.cpp
was supposed to behave as originally written, then we can reject
CVE-2016-7415.)



bug #73029 (Missing type check when unserializing SplArray).
https://bugs.php.net/bug.php?id=73029
https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1


Use CVE-2016-7417.



bug #73065 (Out-Of-Bounds Read in php_wddx_push_element).
https://bugs.php.net/bug.php?id=73065
https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1


Use CVE-2016-7418. The scope of this CVE also includes all of the
"other four similar issues" in the "[2016-09-12 06:44 UTC]" comment.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX2tJ1AAoJEHb/MwWLVhi2IyQP/2dJs6voIoZb57o76tqlBsaO
K+4xjRwksJr7R295ckj4eyNfyrUp0md6czc1Nfo0YNiUaS4PuaDPO+hgTyquLIDX
C+F2+fi+mvKnwk4s6DmFtTsFQ/9ZERvvkvKjIN2URWMG9wQd/wGsM9/8bqa/P5wy
lykrJHFhoWqYImdijQpfQnqgdXEmRVFEUUy+06OAKJ0UU5VhpTdAt9Si+eEGw4Ke
LCYd174/PpmN/WGtA3re0nvvWxA51CspUjOjWo2cVo0jZDHKKjb38A5z3t8IiZOQ
cX/rOPcrBh4LMQ6NIgaQtNZvg7em9eO4cbbTsPo9B3N2aAhNdjVGsMuDzvrWdQ6x
w866h801+XSQcAdvjtqTv7mRVdG2mYeMhTRKQlXIj6wnP6m7jKMR2Ns6ob6WlOFU
VQao4JTjKWmcfc+S0SYNdJlXRQAiBjFF8y+bhmmxJUnK07K8gAe1kqisVBD3Son7
ri7DbOnQNZ5Vx6IRcXh04L5jSK3e11Y6r4MOS3s8ugz8O0c8qPBOUIpd3/0MnSi2
uJYid6ful550Jr5g/E42voFQjy7AFxUAneJbAMPPE4iK1QIpoJBAy4UwMIQbxvv7
kSeFi4oPeqGzPla649fBkzD0vTw35ElOOtZsEhQ14sohULuG+84VEA+FM/RDauUz
nyz6Llcs3sWHY+YCWJSQ
=VwnS
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: