oss-sec mailing list archives

CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0


From: Lior Kaplan <kaplanlior () gmail com>
Date: Mon, 12 Dec 2016 12:13:45 +0200

Hi,

Please assign a CVE for the following issues:

Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
Bug #72696    imagefilltoborder stackoverflow on truecolor images
https://bugs.php.net/bug.php?id=72696
https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1


Fixed in PHP 5.6.28, 7.0.13 and 7.1.0:
Bug #73331    NULL Pointer Dereference in WDDX Packet Deserialization with PDORow
https://bugs.php.net/bug.php?id=73331
https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d


Fixed in PHP 5.6.29 and 7.0.14:
Bug #73631    Invalid read when wddx decodes empty boolean element
https://bugs.php.net/bug.php?id=73631
https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0


Fixed in PHP 7.0.14 and 7.1.0:
Bug #72978    Use After Free in PHP7 unserialize()
https://bugs.php.net/bug.php?id=72978
https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17


Kaplan
