|
Message-ID: <54AE65CD.6090000@internot.info>
Date: Thu, 08 Jan 2015 22:11:09 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: CVE Request: PHP
Hi,
I'm requesting multiple CVE-ID's for multiple vulnerabilities in PHP
that I found:
--
CVE Request 1:
Use after free in 'opcache' component of PHP
Bug report: https://bugs.php.net/bug.php?id=68677&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
CVE Request 2:
Uninitalized Pointer Read in PHP core('fopen()')
Bug report: https://bugs.php.net/bug.php?id=68692&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=7ebdc8d70d7617f2c3353b027663ef54a24a2248
CVE Request 3:
Uninitalized Pointer Read in PHP core
Bug report: https://bugs.php.net/bug.php?id=68694&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=f3ea1b0b6a42a08093bf9191ad76fb4b5e0a653b
CVE Request 4:
Null Pointer Deference in pgsql
Bug report: https://bugs.php.net/bug.php?id=68741&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e
CVE Request 5:
Null Pointer Deference in ereg(regex)
Bug report: https://bugs.php.net/bug.php?id=68740&edit=2
Commit fix:
http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e
Thanks,
--
-- Joshua Rogers <https://internot.info/>
Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.