[Secure-testing-commits] r42751 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Thu Jun 23 16:32:28 UTC 2016
Author: carnil
Date: 2016-06-23 16:32:28 +0000 (Thu, 23 Jun 2016)
New Revision: 42751
Modified:
data/CVE/list
Log:
Add CVE-2016-5771
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-06-23 16:26:32 UTC (rev 42750)
+++ data/CVE/list 2016-06-23 16:32:28 UTC (rev 42751)
@@ -1,3 +1,10 @@
+CVE-2016-5771 [Use After Free Vulnerability in PHP's GC algorithm and unserialize]
+ - php7.0 <undetermined>
+ - php5 <unfixed>
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
+ NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
+ NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
+ TODO: check if really affects 7.x, CVE assignment claims not
CVE-2016-5770 [int/size_t confusion in SplFileObject::fread]
- php7.0 <unfixed>
- php5 <unfixed>
More information about the Secure-testing-commits
mailing list