Control: retitle -1 php7.0: CVE-2017-5340: Use of uninitialized memory in
unserialize()
Hi
MITRE had assigned CVE-2017-5340 for this issue. Can you add the CVE
reference to the upstream bug?
Regards,
Salvatore
Hi Ondřej
On Wed, Jan 04, 2017 at 03:24:22PM +0100, Ondřej Surý wrote:
> Hi,
>
> any web application that allows passing unsanitized data to
> unserialize() is doomed, so I don't really think that this requires
> immediate attention.
>
> This will get fixed in a normal security cycle with next P
Hi,
any web application that allows passing unsanitized data to
unserialize() is doomed, so I don't really think that this requires
immediate attention.
This will get fixed in a normal security cycle with next PHP release (or
I'll add the patch on top of next release).
Cheers,
--
Ondřej Surý
K
Package: php7.0
Version: 7.0.14-2
Severity: important
Tags: security, upstream, fixed-upstream
There was found a bug showing that PHP uses uninitialized memory during calls to
`unserialize()`. As the following report shows, the payload supplied to
`un