[Secure-testing-commits] r46989 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Dec 12 11:16:02 UTC 2016
Author: carnil
Date: 2016-12-12 11:16:02 +0000 (Mon, 12 Dec 2016)
New Revision: 46989
Modified:
data/CVE/list
Log:
Add more php issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-12 11:11:29 UTC (rev 46988)
+++ data/CVE/list 2016-12-12 11:16:02 UTC (rev 46989)
@@ -1,3 +1,24 @@
+CVE-2016-XXXX [Use After Free in PHP7 unserialize()]
+ - php7.0 7.0.14-1
+ - php5 <unfixed>
+ NOTE: Fixed in PHP 7.0.14 and 7.1.0
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978
+ NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/12/2
+CVE-2016-XXXX [Invalid read when wddx decodes empty boolean element]
+ - php7.0 7.0.14-1
+ - php5 <unfixed>
+ NOTE: Fixed in PHP 5.6.29 and 7.0.14
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631
+ NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/12/2
+CVE-2016-XXXX [NULL Pointer Dereference in WDDX Packet Deserialization with PDORow]
+ - php7.0 7.0.13-1
+ - php5 <unfixed>
+ NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331
+ NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
+ NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-XXXX [imagefilltoborder stackoverflow on truecolor images]
- php7.0 7.0.13-1
- php5 <unfixed>
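Review bot: In the first added entry ("Use After Free in PHP7 unserialize()"), php5 is marked <unfixed>, yet the title names PHP7 and the "Fixed in" note lists only 7.0.14 and 7.1.0, with no 5.6.x release, unlike the two WDDX entries below it, which list 5.6.29 and 5.6.28. If the php5 code was checked and is not affected, this line should read `- php5 <not-affected>` with a short reason in parentheses; if it is affected, a NOTE saying that no 5.6 fix exists yet would make the <unfixed> status unambiguous.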