Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAEsznC5htNHcq=f_tq8A99yD5k4t84AFaW=sj7RL589qMmoaXQ@mail.gmail.com>
Date: Wed, 25 May 2016 10:51:15 +0300
From: Lior Kaplan <kaplanlior@...il.com>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: Fwd: CVE for PHP 5.5.36 issues

Hi,

Please assign CVE for the following issues, expected to be part of PHP
5.5.36
Code at http://git.php.net/?p=php-src.git;a=shortlog;h=refs/heads/PHP-5.5

#72227 is a backport from upstream, so we'd prefer to reuse their CVE (if
already exists).
#72135 and 72114 are PHP 5.x only bugs.

Thanks,

Kaplan

---------- Forwarded message ----------
From: Lior Kaplan <kaplanlior@...il.com>
Date: Wed, May 25, 2016 at 12:55 AM
Subject: CVE for PHP 5.5.36 issues ?
To: "security@....net" <security@....net>

Following my mail bellow from last week, these are the issues which got
fixed in the security repository for PHP 5.5.

commit 7a1aac3343af85b4af4df5f8844946eaa27394ab
Author: Stanislav Malyshev <stas@....net>
Date:   Mon May 23 00:28:02 2016 -0700

    Fixed bug #72227: imagescale out-of-bounds read

    Ported from
https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a

commit 97eff7eb57fc2320c267a949cffd622c38712484
Author: Stanislav Malyshev <stas@....net>
Date:   Sun May 22 17:49:02 2016 -0700

    Fix bug #72241: get_icu_value_internal out-of-bounds read

commit 0da8b8b801f9276359262f1ef8274c7812d3dfda
Author: Stanislav Malyshev <stas@....net>
Date:   Sun May 15 23:26:51 2016 -0700

    Fix bug #72135 - don't create strings with lengths outside int range

commit abd159cce48f3e34f08e4751c568e09677d5ec9c
Author: Stanislav Malyshev <stas@....net>
Date:   Mon May 9 21:55:29 2016 -0700

    Fix bug #72114 - int/size_t confusion in fread

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.