Add CVE IDs PHP 5.6.13

2024-11-24 10:24:11 +08:00 · 2016-04-29 13:19:46 +03:00 · 2016-04-29 13:19:46 +03:00 · 26f8ee48d6
commit 26f8ee48d6
parent 91fd5406bc
1 changed files with 9 additions and 7 deletions
--- a/16
+++ b/16
@ -365,9 +365,10 @@ PHP                                                                        NEWS
  . Fixed bug #69487 (SAPI may truncate POST data). (cmb)
  . Fixed bug #70198 (Checking liveness does not work as expected).
    (Shafreeck Sea, Anatol Belski)
-  . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). (Stas)
+  . Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
+    (CVE-2015-6834) (Stas)
  . Fixed bug #70219 (Use after free vulnerability in session deserializer).
-    (taoguangchen at icloud dot com)
+    (CVE-2015-6835) (taoguangchen at icloud dot com)

 - CLI server:
  . Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
@ -407,16 +408,16 @@ PHP                                                                        NEWS

 - SOAP:
  . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
-    (Stas)
+    (CVE-2015-6836) (Stas)

 - SPL:
  . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via
    ob_start). (hugh at allthethings dot co dot nz)
  . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
  . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
-    SplObjectStorage). (taoguangchen at icloud dot com)
+    SplObjectStorage). (CVE-2015-6834) (taoguangchen at icloud dot com)
  . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
-    SplDoublyLinkedList). (taoguangchen at icloud dot com)
+    SplDoublyLinkedList). (CVE-2015-6834) (taoguangchen at icloud dot com)

 - Standard:
  . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
@ -425,11 +426,12 @@ PHP                                                                        NEWS
    INI_SCANNER_TYPED). (Tjerk)

 - XSLT:
-  . Fixed bug #69782 (NULL pointer dereference). (Stas)
+  . Fixed bug #69782 (NULL pointer dereference). (CVE-2015-6837, CVE-2015-6838)
+    (Stas)

 - ZIP:
  . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when
-    creating directories). (neal at fb dot com)
+    creating directories). (CVE-2014-9767) (neal at fb dot com)

 06 Aug 2015, PHP 5.6.12