Attachment 154941 Details for Bug 198993 – VUXML entry documenting CVE-2015-0231, CVE-2015-2305, and CVE-2015-2331

[patch] VUXML entry documenting CVE-2015-0231, CVE-2015-2305, and CVE-2015-2331

vuxml-1.1_2.diff (text/plain), 1.53 KB, created by Jason Unovitch on 2015-03-28 23:42:05 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jason Unovitch

Created: 2015-03-28 23:42:05 UTC

Size: 1.53 KB

patch

obsolete

>Index: vuln.xml
>===================================================================
>--- vuln.xml	(revision 382560)
>+++ vuln.xml	(working copy)
>@@ -57,6 +57,46 @@
> 
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>+ <vuln vid="db119391-d59f-11e4-991c-002590263bf5">
>+ <topic>php5 -- multiple vulnerabilities</topic>
>+ <affects>
>+ <package>
>+	<name>php5</name>
>+	<range><lt>5.4.39</lt></range>
>+ </package>
>+ <package>
>+	<name>php55</name>
>+	<range><lt>5.5.23</lt></range>
>+ </package>
>+ <package>
>+	<name>php56</name>
>+	<range><lt>5.6.7</lt></range>
>+ </package>
>+ </affects>
>+ <description>
>+ <body xmlns="http://www.w3.org/1999/xhtml">
>+	The PHP Project reports:
>+	<blockquote cite="http://www.php.net/ChangeLog-5.php">
>+	 Use After Free Vulnerability in unserialize().
>+	 Heap overflow vulnerability in regcomp.c.
>+	 ZIP Integer Overflow leads to writing past heap boundary.
>+	</blockquote>
>+ </body>
>+ </description>
>+ <references>
>+ <cvename>CVE-2015-0231</cvename>
>+ <cvename>CVE-2015-2305</cvename>
>+ <cvename>CVE-2015-2331</cvename>
>+ <url>http://php.net/ChangeLog-5.php#5.4.39</url>
>+ <url>http://php.net/ChangeLog-5.php#5.5.23</url>
>+ <url>http://php.net/ChangeLog-5.php#5.6.7</url>
>+ </references>
>+ <dates>
>+ <discovery>2015-03-19</discovery>
>+ <entry>2015-03-28</entry>
>+ </dates>
>+ </vuln>
>+
> <vuln vid="264749ae-d565-11e4-b545-00269ee29e57">
> <topic>libzip -- integer overflow</topic>
> <affects>

Actions: View | Diff

Attachments on bug 198993: 154937 | 154938 | 154941