oss-sec mailing list archives
Re: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0
From: <cve-assign () mitre org>
Date: Mon, 12 Dec 2016 13:00:09 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Fixed in PHP 5.6.28, 7.0.13 and 7.1.0: Bug #72696 imagefilltoborder stackoverflow on truecolor images https://bugs.php.net/bug.php?id=72696 https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
Use CVE-2016-9933. The scope of this CVE is only the missing "color < 0" test in older versions. https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e is also about comparisons to "im->colorsTotal - 1" - if that's also a libgd vulnerability fix, and someone wants a CVE ID for that, please let us know.
Fixed in PHP 5.6.28, 7.0.13 and 7.1.0: Bug #73331 NULL Pointer Dereference in WDDX Packet Deserialization with PDORow https://bugs.php.net/bug.php?id=73331 https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
Use CVE-2016-9934. The scope of this CVE is everything fixed by 6045de69c7dedcba3eadf7c4bba424b19c81d00d. We could not immediately determine whether the new "pdo_row_ce->unserialize = zend_class_unserialize_deny" line, by itself, could stand as an independent fix for a subset of the problem.
Fixed in PHP 5.6.29 and 7.0.14: Bug #73631 Invalid read when wddx decodes empty boolean element https://bugs.php.net/bug.php?id=73631 https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
Use CVE-2016-9935.
Fixed in PHP 7.0.14 and 7.1.0: Bug #72978 Use After Free in PHP7 unserialize() https://bugs.php.net/bug.php?id=72978 https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
Use CVE-2016-9936. The b2af4e8868726a040234de113436c6e4f6372d17 commit message is "Complete the fix of bug #70172 for PHP 7." Because 70172 is referenced by CVE-2015-6834, it is possible to say that CVE-2016-9936 exists because of an incomplete fix for CVE-2015-6834. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYTuTBAAoJEHb/MwWLVhi2tzwQAJNkrZlt5Jz6HNM4QAS4uZgw TBOaGJXVjJF3DQDyR2jb+wYDnMkCWWON0lTw4pUj1sL8JgmxI+R0cT/eTVIBqyGZ zyUFzmMSXbt0HQ58Er1v2kZYOnjalD6q8UsME66wO0qVNRDDwpiS93j4yqc42RhH l1KcO7DjfbOyEIN/ZNzSLKn9L5Sn/bT0paeXdr5TfmqMDzGHwM0V7NgrjmJeJMTt OteCcYQz+r9vLmvM8Ol8Jlj4f5GZvbB8ClBjNmvhUANyxwZjVQ56a1hP/a+w6aw7 VBTJ9Jpj8SvdBNweTrehLD8e7XwePyN/YuJ8tQ6lhrxL+Xtt6TDt/ug7fpGASoVn VD93ExsIokXlgHDJ+4Jfqt0h0f7j2F2Ri7yTmpGCxBrBeIYgFJ949Ak+W2u9OJQz 51IEO8hUfYbtLqgRw30ZfW2pqYZQ5z75amlbgfb9qvgtcdxBI14/B+cehqrRXJhK PbebZHfU/EVb+ZFMJLROsKT5NedrTT5T3oWGaYamRTQm/0Zx0f2YeJT5j/5kJJFz YfB2IPdU2a/fdg8H3lZuKU8ti4Y/3ySSdzAzRaXK+TIAds7wfkUdKm+C5hgyjGgX NK7XO/omrEyUsWdvI/4cKuIWb0yjcoLqB5yZWcIzU/D7/RynAmj92s1G8bAO8rga SJV6zg4FuvvBpDH+1rJJ =QPcf -----END PGP SIGNATURE-----
Current thread:
- CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0 Lior Kaplan (Dec 12)
- Re: CVE assignment for PHP 5.6.28, 5.6.29, 7.0.13, 7.0.14 and 7.1.0 cve-assign (Dec 12)