[Secure-testing-commits] r34320 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon May 18 05:08:37 UTC 2015


Author: carnil
Date: 2015-05-18 05:08:37 +0000 (Mon, 18 May 2015)
New Revision: 34320

Modified:
   data/CVE/list
Log:
Add another php5 issue without CVE yet

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-18 05:07:09 UTC (rev 34319)
+++ data/CVE/list	2015-05-18 05:08:37 UTC (rev 34320)
@@ -1,3 +1,9 @@
+CVE-2015-XXXX [Memory Corruption in phar_parse_tarfile when entry filename starts with null]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=69453
+	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/17/2
+	TODO: check
 CVE-2015-3987 (Multiple unquoted Windows search path vulnerabilities in the (1) ...)
 	TODO: check
 CVE-2015-3986 (Cross-site request forgery (CSRF) vulnerability in the TheCartPress ...)




More information about the Secure-testing-commits mailing list