Author: jmm Date: 2016-03-16 13:23:56 +0000 (Wed, 16 Mar 2016) New Revision: 40415
Modified: data/CVE/list Log: new HHVM/PHP issues (no need to file a bug for hhvm, maintainer is aware) Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-03-16 09:10:22 UTC (rev 40414) +++ data/CVE/list 2016-03-16 13:23:56 UTC (rev 40415) @@ -1,3 +1,35 @@ +CVE-2016-XXXX [use-after-free in unserialisation] + - hhvm <unfixed> + NOTE: https://github.com/facebook/hhvm/commit/fd456ffad5d164c1563dc8bd97bcc2f200ff6f69 +CVE-2016-XXXX [heap overflows in iptcembed] + - hhvm <unfixed> + NOTE: https://github.com/facebook/hhvm/commit/eae73029336e4d577707cb8a0527f22cb8a4588a +CVE-2015-XXXX [php_url_parse_ex() buffer overflow read] + - hhvm <unfixed> + - php5 <undetermined> + NOTE: https://bugs.php.net/bug.php?id=70480 + NOTE: https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764 +CVE-2015-XXXX [Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes] + - hhvm <unfixed> + - php5 5.6.13+dfsg-1 + [jessie] - php5 5.6.13+dfsg-0+deb8u1 + [wheezy] - php5 5.4.45-0+deb7u1 + NOTE: https://bugs.php.net/bug.php?id=70385 + NOTE: https://github.com/facebook/hhvm/commit/06f3fc8091d8da793552db0e4d9a0d4add9c0bcc +CVE-2015-XXXX [ZipArchive::extractTo allows for directory traversal when creating directories] + - hhvm <unfixed> + - php5 5.6.13+dfsg-1 + [jessie] - php5 5.6.13+dfsg-0+deb8u1 + [wheezy] - php5 5.4.45-0+deb7u1 + NOTE: https://bugs.php.net/bug.php?id=70350 + NOTE: https://github.com/facebook/hhvm/commit/65c95a01541dd2fbc9c978ac53bed235b5376686 +CVE-2015-XXXX [HAVAL gives wrong hashes in specific cases] + - hhvm <unfixed> + - php5 5.6.13+dfsg-1 + [jessie] - php5 5.6.13+dfsg-0+deb8u1 + [wheezy] - php5 5.4.45-0+deb7u1 + NOTE: https://bugs.php.net/bug.php?id=70312 + NOTE: https://github.com/facebook/hhvm/commit/918b174fa1e9924a9ecaecb08efcfdcab3db6151 CVE-2016-3152 RESERVED CVE-2016-3151 
@@ -5096,6 +5128,10 @@ RESERVED CVE-2016-1552 RESERVED + - hhvm <unfixed> + NOTE: https://github.com/facebook/hhvm/commit/979b5b312ffbd56126c52f3dcb6cf8fcab89664f + NOTE: https://github.com/facebook/hhvm/commit/604689e1565ea6361f9d81f839cd56bdda3b45ed + NOTE: https://github.com/facebook/hhvm/commit/f21dccdde582c61d5a9b52dd821bcb1f08169d28 CVE-2016-1551 RESERVED CVE-2016-1550 @@ -14711,9 +14747,11 @@ RESERVED {DSA-3358-1 DLA-341-1} - php5 5.6.13+dfsg-1 + - hhvm <unfixed> NOTE: https://bugs.php.net/bug.php?id=69782 NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5 NOTE: Fixed in 5.5.45 and 5.6.13 + NOTE: https://github.com/facebook/hhvm/commit/f358ec0e905df41feaa9dc75f4dee814cfe5a60a CVE-2015-6837 [NULL pointer dereference] RESERVED {DSA-3358-1 DLA-341-1} _______________________________________________ Secure-testing-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
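Review bot: In the first hunk (@@ -1,3 +1,35 @@), the two CVE-2016-XXXX entries (use-after-free in unserialisation, heap overflows in iptcembed) carry only an hhvm line and an HHVM commit link, while the four CVE-2015-XXXX entries below them also track php5 and cite a bugs.php.net report. If these two are HHVM-only, a NOTE saying so would save the next triager from re-checking; otherwise add `- php5 <undetermined>`, as done for the php_url_parse_ex() entry.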
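Review bot: In the second hunk (@@ -5096,6 +5128,10 @@), the hhvm line and the three commit NOTEs are attached to CVE-2016-1552, which is still RESERVED and has no bracketed description, so nothing in the entry says what the issue is or how the three commits relate to each other. Suggest adding a short description in brackets after the CVE id, as the new entries in the first hunk do.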
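Review bot: In the third hunk (@@ -14711,9 +14747,11 @@), the existing `NOTE: Fixed in 5.5.45 and 5.6.13` names no package and now sits directly above the added HHVM commit NOTE, in an entry that also gains `- hhvm <unfixed>`, so it can be misread as applying to hhvm. Suggest rewording that NOTE to name PHP explicitly, or moving the HHVM commit NOTE ahead of it.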

