lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 11 May 2010 11:55:24 +0300
From: Eren Türkay <eren@...dus.org.tr>
To: Stefan Esser <stefan.esser@...tioneins.de>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq@...urityfocus.com
Subject: Re: Month of PHP Security - Summary - 1st May -
 10th May

On Mon, May 10, 2010 at 09:05:16PM +0200, Stefan Esser wrote:
> Hi everyone,
> 
> 10 days ago the Month of PHP Security 2010 has started at
> http://www.php-security.org/ and meanwhile 20 vulnerabilities were
> posted and also 4 user submitted articles were published. Here is a
> short summary of what was released so far. You can follow the Month of
> PHP Security on Twitter, too. Just follow @mops_2010

Thank you and all the volunteers for your efforts. It is good to see
that Month of PHP Security 2010 is started.

I think, it would be better to mention CVE IDs assigned to these issues
by MITRE in your advisories. Below is what I have been able to collect.

> Vulnerabilities in PHP
> ----------------------
> 
> MOPS-2010-017: PHP preg_quote() Interruption Information Leak
> Vulnerability - http://bit.ly/cUYsbj
> MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak
> Vulnerability - http://bit.ly/bwT28V
> MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak
> Vulnerability - http://bit.ly/a3BonY
> MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information
> Leak Vulnerability - http://bit.ly/cdMzTo

Not assigned yet

> MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage
> Vulnerability - http://bit.ly/bhHyrj
> MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage
> Vulnerability - http://bit.ly/8Z8xYt

- CVE-2010-1868 (for both issues)

> MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak
> Vulnerability - http://bit.ly/doxAXk

- CVE-2010-1860

> MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access
> Vulnerability - http://bit.ly/b4NBD8

- CVE-2010-1861

> MOPS-2010-008: PHP chunk_split() Interruption Information Leak
> Vulnerability - http://bit.ly/cVoWoM

- CVE-2010-1862

> MOPS-2010-006: PHP addcslashes() Interruption Information Leak
> Vulnerability - http://bit.ly/b5gkaf

- CVE-2010-1864

> MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability -
> http://bit.ly/bXDivD

- CVE-2010-1866

> MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access
> Vulnerability - http://bit.ly/aZDRha

Not assigned yet

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists