[Secure-testing-commits] r40415 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Wed Mar 16 13:23:56 UTC 2016
Author: jmm
Date: 2016-03-16 13:23:56 +0000 (Wed, 16 Mar 2016)
New Revision: 40415
Modified:
data/CVE/list
Log:
new HHVM/PHP issues (no need to file a bug for hhvm, maintainer is aware)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-16 09:10:22 UTC (rev 40414)
+++ data/CVE/list 2016-03-16 13:23:56 UTC (rev 40415)
@@ -1,3 +1,35 @@
+CVE-2016-XXXX [use-after-free in unserialisation]
+ - hhvm <unfixed>
+ NOTE: https://github.com/facebook/hhvm/commit/fd456ffad5d164c1563dc8bd97bcc2f200ff6f69
+CVE-2016-XXXX [heap overflows in iptcembed]
+ - hhvm <unfixed>
+ NOTE: https://github.com/facebook/hhvm/commit/eae73029336e4d577707cb8a0527f22cb8a4588a
+CVE-2015-XXXX [php_url_parse_ex() buffer overflow read]
+ - hhvm <unfixed>
+ - php5 <undetermined>
+ NOTE: https://bugs.php.net/bug.php?id=70480
+ NOTE: https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764
+CVE-2015-XXXX [Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes]
+ - hhvm <unfixed>
+ - php5 5.6.13+dfsg-1
+ [jessie] - php5 5.6.13+dfsg-0+deb8u1
+ [wheezy] - php5 5.4.45-0+deb7u1
+ NOTE: https://bugs.php.net/bug.php?id=70385
+ NOTE: https://github.com/facebook/hhvm/commit/06f3fc8091d8da793552db0e4d9a0d4add9c0bcc
+CVE-2015-XXXX [ZipArchive::extractTo allows for directory traversal when creating directories]
+ - hhvm <unfixed>
+ - php5 5.6.13+dfsg-1
+ [jessie] - php5 5.6.13+dfsg-0+deb8u1
+ [wheezy] - php5 5.4.45-0+deb7u1
+ NOTE: https://bugs.php.net/bug.php?id=70350
+ NOTE: https://github.com/facebook/hhvm/commit/65c95a01541dd2fbc9c978ac53bed235b5376686
+CVE-2015-XXXX [HAVAL gives wrong hashes in specific cases]
+ - hhvm <unfixed>
+ - php5 5.6.13+dfsg-1
+ [jessie] - php5 5.6.13+dfsg-0+deb8u1
+ [wheezy] - php5 5.4.45-0+deb7u1
+ NOTE: https://bugs.php.net/bug.php?id=70312
+ NOTE: https://github.com/facebook/hhvm/commit/918b174fa1e9924a9ecaecb08efcfdcab3db6151
CVE-2016-3152
RESERVED
CVE-2016-3151
@@ -5096,6 +5128,10 @@
RESERVED
CVE-2016-1552
RESERVED
+ - hhvm <unfixed>
+ NOTE: https://github.com/facebook/hhvm/commit/979b5b312ffbd56126c52f3dcb6cf8fcab89664f
+ NOTE: https://github.com/facebook/hhvm/commit/604689e1565ea6361f9d81f839cd56bdda3b45ed
+ NOTE: https://github.com/facebook/hhvm/commit/f21dccdde582c61d5a9b52dd821bcb1f08169d28
CVE-2016-1551
RESERVED
CVE-2016-1550
@@ -14711,9 +14747,11 @@
RESERVED
{DSA-3358-1 DLA-341-1}
- php5 5.6.13+dfsg-1
+ - hhvm <unfixed>
NOTE: https://bugs.php.net/bug.php?id=69782
NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
NOTE: Fixed in 5.5.45 and 5.6.13
+ NOTE: https://github.com/facebook/hhvm/commit/f358ec0e905df41feaa9dc75f4dee814cfe5a60a
CVE-2015-6837 [NULL pointer dereference]
RESERVED
{DSA-3358-1 DLA-341-1}
More information about the Secure-testing-commits
mailing list