'Re: [oss-security] CVE request: PHP MOPS-2010-56..60'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: PHP MOPS-2010-56..60
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-06-30 18:45:11
Message-ID: 42296788.1636551277923511216.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

I'm going to leave these for MITRE. They handled all the other MOPS bugs,
it's possible these have IDs and we just don't know.

Thanks.

-- 
    JB


----- "Raphael Geissert" <geissert@debian.org> wrote:

> Hi,
> 
> According to our tracker there are still some MOPS issues that don't
> have 
> CVE ids.
> 
> More specifically:
> 
> > 60: PHP Session Serializer Session Data Injection Vulnerability
> http://svn.php.net/viewvc?view=revision&revision=298608
> 
> > 59: PHP php_mysqlnd_auth_write() Stack Buffer Overflow
> Vulnerability
> http://svn.php.net/viewvc?view=revision&revision=298703
> 
> > 58: PHP php_mysqlnd_read_error_from_line() [Heap] Buffer Overflow 
> Vulnerability
> http://svn.php.net/viewvc?view=revision&revision=298703
> 
> > 57 PHP php_mysqlnd_rset_header_read() [Heap] Buffer Overflow
> Vulnerability
> I think this is
> http://svn.php.net/viewvc?view=revision&revision=298235
> 
> > 56 PHP php_mysqlnd_ok_read() Information Leak Vulnerability
> http://svn.php.net/viewvc?view=revision&revision=298703
> 
> Could CVE ids be assigned?
> 
> Regards,
> -- 
> Raphael Geissert - Debian Developer
> www.debian.org - get.debian.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic