From aa478e434c5aadf65e5ae0eeeef039bafe8fd6aa Mon Sep 17 00:00:00 2001 From: feld Date: Sat, 18 Jul 2015 23:43:41 +0000 Subject: Document php-phar vulnerabilities Add missing modified date to zenphoto entry Security: CVE-2015-5589 Security: CVE-2015-5590 --- security/vuxml/vuln.xml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'security/vuxml/vuln.xml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d70dfa2a0332..4c8c459eff6e 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,42 @@ Notes: --> + + php-phar -- multiple vulnerabilities + + + php55-phar + 5.5.27 + + + php5-phar + 5.4.43 + + + + +

reports:

+
+

Segfault in Phar::convertToData on invalid file.

+

Buffer overflow and stack smashing error in phar_fix_filepath.

+
+ +
+ + http://seclists.org/oss-sec/2015/q3/141 + https://bugs.php.net/bug.php?id=69958 + http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf + https://bugs.php.net/bug.php?id=69923 + http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f + CVE-2015-5589 + CVE-2015-5590 + + + 2015-06-24 + 2015-07-18 + +
+ moodle -- multiple vulnerabilities @@ -171,6 +207,7 @@ Notes: 2015-05-24 2015-07-16 + 2015-07-18 -- cgit