[Secure-testing-commits] r44272 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Sep 2 10:46:10 UTC 2016


Author: carnil
Date: 2016-09-02 10:46:09 +0000 (Fri, 02 Sep 2016)
New Revision: 44272

Modified:
   data/CVE/list
Log:
Add more PHP bugs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-02 10:37:42 UTC (rev 44271)
+++ data/CVE/list	2016-09-02 10:46:09 UTC (rev 44272)
@@ -1,3 +1,45 @@
+CVE-2016-XXXX [Heap overflow in curl_escape]
+	- php7.0 7.0.10-1
+	- php5 <not-affected> (Only affects PHP 7)
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72674
+	NOTE: Fixed in 7.0.10
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+CVE-2016-XXXX [memory allocator fails to realloc small block to large one]
+	- php7.0 7.0.10-1
+	- php5 <not-affected> (Only affects PHP 7)
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72742
+	NOTE: Fixed in 7.0.10
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+CVE-2016-XXXX [wddx_deserialize null dereference in php_wddx_pop_element]
+	- php7.0 7.0.10-1
+	- php5 <unfixed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799
+	NOTE: Fixed in 7.0.10, 5.6.25
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+CVE-2016-XXXX [wddx_deserialize null dereference with invalid xml]
+	- php7.0 7.0.10-1
+	- php5 <unfixed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790
+	NOTE: Fixed in 7.0.10, 5.6.25
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+CVE-2016-XXXX [wddx_deserialize null dereference]
+	- php7.0 7.0.10-1
+	- php5 <unfixed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750
+	NOTE: Fixed in 7.0.10, 5.6.25
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+CVE-2016-XXXX [wddx_deserialize allows illegal memory access]
+	- php7.0 7.0.10-1
+	- php5 <unfixed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749
+	NOTE: Fixed in 7.0.10, 5.6.25
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+CVE-2016-XXXX [Memory Leakage In exif_process_IFD_in_TIFF]
+	- php7.0 7.0.10-1
+	- php5 <unfixed>
+	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627
+	NOTE: Fixed in 7.0.10, 5.6.25
+	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
 CVE-2016-XXXX [imagegammacorrect allows arbitrary write access]
 	- libgd2 <unfixed>
 	- php7.0 7.0.10-1 (unimportant)
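Review bot: The three wddx_deserialize null-dereference entries (PHP bugs 72799, 72790 and 72750) are hard to tell apart, and the 72750 entry is titled only "wddx_deserialize null dereference" with no qualifier. All seven new entries carry the same CVE Request URL, so the PHP bug id is the only field that will map each CVE-2016-XXXX placeholder to its eventual id; consider giving 72750 a distinguishing description, as the other two have. The NOTE lines record the fixed upstream versions (7.0.10, 5.6.25) but no fix commit, so adding a commit reference per entry would make it easier to check the five php5 <unfixed> entries against a backport. Minor style point: the bracketed titles are inconsistently capitalised ("Memory Leakage In exif_process_IFD_in_TIFF" versus "memory allocator fails to realloc small block to large one").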



