[Secure-testing-commits] r44276 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Fri Sep 2 19:05:51 UTC 2016


Author: carnil
Date: 2016-09-02 19:05:51 +0000 (Fri, 02 Sep 2016)
New Revision: 44276

Modified:
   data/CVE/list
Log:
CVEs assigned for PHP

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-09-02 18:49:10 UTC (rev 44275)
+++ data/CVE/list	2016-09-02 19:05:51 UTC (rev 44276)
@@ -1,71 +1,89 @@
-CVE-2016-XXXX [Heap overflow in curl_escape]
+CVE-2016-7134 [Heap overflow in curl_escape]
 	- php7.0 7.0.10-1
 	- php5 <not-affected> (Only affects PHP 7)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72674
 	NOTE: Fixed in 7.0.10
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [memory allocator fails to realloc small block to large one]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7?w=1
+CVE-2016-7133 [memory allocator fails to realloc small block to large one]
 	- php7.0 7.0.10-1
 	- php5 <not-affected> (Only affects PHP 7)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72742
 	NOTE: Fixed in 7.0.10
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [wddx_deserialize null dereference in php_wddx_pop_element]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1
+CVE-2016-7132 [wddx_deserialize null dereference in php_wddx_pop_element]
 	- php7.0 7.0.10-1
 	- php5 <unfixed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [wddx_deserialize null dereference with invalid xml]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
+	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
+	NOTE: commit is about the pop issue in 72799.
+CVE-2016-7131 [wddx_deserialize null dereference with invalid xml]
 	- php7.0 7.0.10-1
 	- php5 <unfixed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [wddx_deserialize null dereference]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
+	NOTE: Cf. as well https://bugs.php.net/bug.php?id=72799
+	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
+	NOTE: commit is about the pop issue in 72799.
+CVE-2016-7130 [wddx_deserialize null dereference]
 	- php7.0 7.0.10-1
 	- php5 <unfixed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [wddx_deserialize allows illegal memory access]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
+CVE-2016-7129 [wddx_deserialize allows illegal memory access]
 	- php7.0 7.0.10-1
 	- php5 <unfixed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [Memory Leakage In exif_process_IFD_in_TIFF]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
+CVE-2016-7128 [Memory Leakage In exif_process_IFD_in_TIFF]
 	- php7.0 7.0.10-1
 	- php5 <unfixed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [imagegammacorrect allows arbitrary write access]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed?w=1
+CVE-2016-7127 [imagegammacorrect allows arbitrary write access]
 	- libgd2 <unfixed>
 	- php7.0 7.0.10-1 (unimportant)
         - php5 <unfixed> (unimportant)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [select_colors write out-of-bounds]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae?w=1
+CVE-2016-7126 [select_colors write out-of-bounds]
 	- libgd2 <unfixed>
 	- php7.0 7.0.10-1 (unimportant)
         - php5 <unfixed> (unimportant)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [PHP Session Data Injection Vulnerability]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
+CVE-2016-7125 [PHP Session Data Injection Vulnerability]
 	- php7.0 7.0.10-1
 	- php5 <unfixed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
-CVE-2016-XXXX [Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization]
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
+	NOTE: Scope of CVE also includes the "The similar issue also exist in session php_binary
+	NOTE: handler" part of 72681.
+CVE-2016-7124 [Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization]
 	- php7.0 7.0.10-1
 	- php5 <unfixed>
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663
 	NOTE: Fixed in 7.0.10, 5.6.25
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
+	NOTE: https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1
 CVE-2016-7119 (Cross-site scripting (XSS) vulnerability in the user-profile biography ...)
 	TODO: check
 CVE-2016-7117
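
Review bot: In the CVE-2016-7132 entry the added notes say that 72790 and 72799 share commit a14fdb9746262549bbbb96abb87338bacd147e1b, but only the CVE-2016-7131 entry gets a "Cf. as well" pointer to the sibling bug. Adding the reciprocal line "NOTE: Cf. as well https://bugs.php.net/bug.php?id=72790" under CVE-2016-7132 would let a reader of either entry reach both bug reports. The sentence "Not all of the commit is about the pop issue in 72799" is copied unchanged into the CVE-2016-7131 entry, where it does not say which part of the commit addresses 72790; rewording it there to describe the invalid-xml part would make the split between the two CVEs clearer. Two smaller points: the "php5 <unfixed> (unimportant)" lines under CVE-2016-7127 and CVE-2016-7126 are indented with spaces while every neighbouring line uses a tab, which is worth normalising while these entries are being touched. Both entries also list "libgd2 <unfixed>" but the only commit reference added is to php-src, so a note on whether that commit applies to the libgd2 source would help whoever triages the libgd2 package.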



