oss-sec mailing list archives

CVE request: issues fixed in PHP 5.6.14 and 5.5.30

From: Martin Prpic <mprpic () redhat com>
Date: Mon, 05 Oct 2015 15:20:07 +0200

Hi, the changelog for PHP 5.6.14 and 5.5.30 lists these two issues that
have a security impact:

Null pointer dereference in phar_get_fp_offset()
https://bugs.php.net/bug.php?id=69720

Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"
https://bugs.php.net/bug.php?id=70433

Both result in a crash. Can CVEs be assigned to these issues?

Also, if anyone knows of any security implications of the other bugs in
these versions, please speak up. I didn't go through the whole list
very thoroughly.

Thank you!

-- 
Martin Prpič / Red Hat Product Security

Current thread:

CVE request: issues fixed in PHP 5.6.14 and 5.5.30 Martin Prpic (Oct 05)
- Re: CVE request: issues fixed in PHP 5.6.14 and 5.5.30 cve-assign (Oct 10)