Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 25 May 2016 10:51:15 +0300
From: Lior Kaplan <>
Subject: Fwd: CVE for PHP 5.5.36 issues


Please assign CVE for the following issues, expected to be part of PHP
Code at;a=shortlog;h=refs/heads/PHP-5.5

#72227 is a backport from upstream, so we'd prefer to reuse their CVE (if
already exists).
#72135 and 72114 are PHP 5.x only bugs.



---------- Forwarded message ----------
From: Lior Kaplan <>
Date: Wed, May 25, 2016 at 12:55 AM
Subject: CVE for PHP 5.5.36 issues ?
To: "" <>

Following my mail bellow from last week, these are the issues which got
fixed in the security repository for PHP 5.5.

commit 7a1aac3343af85b4af4df5f8844946eaa27394ab
Author: Stanislav Malyshev <>
Date:   Mon May 23 00:28:02 2016 -0700

    Fixed bug #72227: imagescale out-of-bounds read

    Ported from

commit 97eff7eb57fc2320c267a949cffd622c38712484
Author: Stanislav Malyshev <>
Date:   Sun May 22 17:49:02 2016 -0700

    Fix bug #72241: get_icu_value_internal out-of-bounds read

commit 0da8b8b801f9276359262f1ef8274c7812d3dfda
Author: Stanislav Malyshev <>
Date:   Sun May 15 23:26:51 2016 -0700

    Fix bug #72135 - don't create strings with lengths outside int range

commit abd159cce48f3e34f08e4751c568e09677d5ec9c
Author: Stanislav Malyshev <>
Date:   Mon May 9 21:55:29 2016 -0700

    Fix bug #72114 - int/size_t confusion in fread

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.