[Secure-testing-commits] r36529 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Sep 7 17:02:32 UTC 2015 

Author: carnil
Date: 2015-09-07 17:02:32 +0000 (Mon, 07 Sep 2015)
New Revision: 36529

Modified:
   data/CVE/list
Log:
Add new php5 issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-07 14:34:45 UTC (rev 36528)
+++ data/CVE/list	2015-09-07 17:02:32 UTC (rev 36529)
@@ -1,3 +1,48 @@
+CVE-2015-XXXX [Various PCRE issues caused by the regexp string]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=70345
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: Fixed in 5.5.45 and 5.6.13
+CVE-2015-XXXX [HAVAL gives wrong hashes in specific cases]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=70312
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: Fixed in 5.5.45 and 5.6.13
+CVE-2015-XXXX [Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=70385
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: Fixed in 5.5.45 and 5.6.13
+CVE-2015-XXXX [NULL pointer dereference]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=69782
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: Fixed in 5.5.45 and 5.6.13
+CVE-2015-XXXX [yet another use-after-free vulnerability in unserialize() with SplDoublyLinkedL]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=70366
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: Fixed in 5.5.45 and 5.6.13
+CVE-2015-XXXX [yet another use-after-free vulnerability in unserialize() with SplObjectStorage]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=70365
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: Fixed in 5.5.45 and 5.6.13
+CVE-2015-XXXX [SOAP serialize_function_call() type confusion / RCE]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=70388
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: Fixed in 5.5.45 and 5.6.13
+CVE-2015-XXXX [Use after free vulnerability in session deserializer]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=70219
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: Fixed in 5.5.45 and 5.6.13
+CVE-2015-XXXX [Use After Free Vulnerability in unserialize()]
+	- php5 <unfixed>
+	NOTE: https://bugs.php.net/bug.php?id=70172
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/07/5
+	NOTE: Fixed in 5.5.45 and 5.6.13
 CVE-2015-XXXX [TOTP Replay Attack]
 	- ruby-devise-two-factor <unfixed>
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/06/2

More information about the Secure-testing-commits mailing list