[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE Request: PHP SoapClient's __call() type confusion through unserialize()
From: Tomas Hoger <thoger () redhat ! com>
Date: 2015-05-27 13:53:31
Message-ID: 20150527155331.6eb76d5e () redhat ! com
[Download RAW message or body]
On Thu, 9 Apr 2015 10:45:47 +0200 Tomas Hoger wrote:
> On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:
>
> > Hi everyone,
> > I'd like to request a CVE for the PHP Sec Bug #69085.
> >
> > Description:
> > SoapClient's __call() method is prone to a type confusion
> > vulnerability which can be used to gain remote code execution
> > through unsafe unserialize() calls.
> >
> > Info:
> > https://bugs.php.net/bug.php?id=69085
>
> Re-sending with cve-assign@ CC.
Yet another re-send. Is there a reason is isn't getting CVE, or
explicit response that no CVE will be assigned?
Thank you!
--
Tomas Hoger / Red Hat Product Security
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic