List:       oss-security
Subject:    Re: [oss-security] CVE request: PHP Phar - arbitrary code execution
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-05-22 17:47:11
Message-ID: 4FBBD11F.8020507 () redhat ! com

On 05/20/2012 12:09 PM, Felipe Pena wrote:
> Hi, Can anyone assign a CVE id for the following PHP's phar
> extension integer overflow vulnerability? (Secunia SA44335)
> 
> Private report: https://bugs.php.net/bug.php?id=61065
> 
> Discovered by: Alexander Gavrun
> 
> Original Advisory: 
> http://0x1byte.blogspot.com/2011/04/php-phar-extension-heap-overflow.html

Please use CVE-2012-2386 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
