| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 11 May 2010 11:55:24 +0300 From: Eren Türkay <eren@...dus.org.tr> To: Stefan Esser <stefan.esser@...tioneins.de> Cc: bugtraq@...urityfocus.com, full-disclosure <full-disclosure@...ts.grok.org.uk> Subject: Re: [Full-disclosure] Month of PHP Security - Summary - 1st May - 10th May On Mon, May 10, 2010 at 09:05:16PM +0200, Stefan Esser wrote: > Hi everyone, > > 10 days ago the Month of PHP Security 2010 has started at > http://www.php-security.org/ and meanwhile 20 vulnerabilities were > posted and also 4 user submitted articles were published. Here is a > short summary of what was released so far. You can follow the Month of > PHP Security on Twitter, too. Just follow @mops_2010 Thank you and all the volunteers for your efforts. It is good to see that Month of PHP Security 2010 is started. I think, it would be better to mention CVE IDs assigned to these issues by MITRE in your advisories. Below is what I have been able to collect. > Vulnerabilities in PHP > ---------------------- > > MOPS-2010-017: PHP preg_quote() Interruption Information Leak > Vulnerability - http://bit.ly/cUYsbj > MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak > Vulnerability - http://bit.ly/bwT28V > MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak > Vulnerability - http://bit.ly/a3BonY > MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information > Leak Vulnerability - http://bit.ly/cdMzTo Not assigned yet > MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage > Vulnerability - http://bit.ly/bhHyrj > MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage > Vulnerability - http://bit.ly/8Z8xYt - CVE-2010-1868 (for both issues) > MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak > Vulnerability - http://bit.ly/doxAXk - CVE-2010-1860 > MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access > Vulnerability - http://bit.ly/b4NBD8 - CVE-2010-1861 > MOPS-2010-008: PHP chunk_split() Interruption Information Leak > Vulnerability - http://bit.ly/cVoWoM - CVE-2010-1862 > MOPS-2010-006: PHP addcslashes() Interruption Information Leak > Vulnerability - http://bit.ly/b5gkaf - CVE-2010-1864 > MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability - > http://bit.ly/bXDivD - CVE-2010-1866 > MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access > Vulnerability - http://bit.ly/aZDRha Not assigned yet
Powered by blists - more mailing lists