Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:79941 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 27787 invoked from network); 25 Dec 2014 19:12:22 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 25 Dec 2014 19:12:22 -0000 Authentication-Results: pb1.pair.com header.from=lior.k@zend.com; sender-id=pass Authentication-Results: pb1.pair.com smtp.mail=lior.k@zend.com; spf=pass; sender-id=pass Received-SPF: pass (pb1.pair.com: domain zend.com designates 209.85.218.50 as permitted sender) X-PHP-List-Original-Sender: lior.k@zend.com X-Host-Fingerprint: 209.85.218.50 mail-oi0-f50.google.com Received: from [209.85.218.50] ([209.85.218.50:35839] helo=mail-oi0-f50.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 52/40-25528-4916C945 for ; Thu, 25 Dec 2014 14:12:21 -0500 Received: by mail-oi0-f50.google.com with SMTP id x69so20706964oia.9 for ; Thu, 25 Dec 2014 11:12:17 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=HGQU8l/uF6654TpIFPmgNjindtLfgrPqLv3pYuNGdEY=; b=Fwp8RzDg46hYai4qvlgDKw3WDo9xwzwb2d7t2rGedAR4y0EOiljyMD29gEUIRBTn5f JVs754XnCR4PaY7fOOkp9VWahh5CDvKddehlKfF3W9j/Wq4BVLAsQvTbIqvYJErfJvWq x8PtXgsDVb5ak3A0cA/43kGfVeFtqVjK1Bf2Uftk8BZoeMt0GWWz1I1AnWUiQR6wYbHS 3wsOsaKjSqzcvIhsCI2gJdxQIDSZ8bFLM+ElzrIzkNVI5npkicWVELP+uFnaMFF5Deyj DkPEXZYfNZ5iRKeY/bfFhoAWhMygcU3TgbMOP7hOakVjU06JiajVgaXC3wHdiX2eaHAY zM/A== X-Gm-Message-State: ALoCoQmKpT22rrjNpLR6IzYiZJtQeCezYKOfZO5w0vCqDegNEizym7KQ2NSS+mBmUBgp9CQFlsqg2PTPP2B0tgjtJ4EQ0S+4+sbjOvEh425TmGWyNNkpTfbJn4XztwGIE4BPDfrNfn4dvbJcHOK6U+BkC+M90JflAA== MIME-Version: 1.0 X-Received: by 10.202.74.135 with SMTP id x129mr21795689oia.58.1419534737400; Thu, 25 Dec 2014 11:12:17 -0800 (PST) Received: by 10.60.165.238 with HTTP; Thu, 25 Dec 2014 11:12:17 -0800 (PST) In-Reply-To: References: Date: Thu, 25 Dec 2014 21:12:17 +0200 Message-ID: To: Yasuo Ohgaki Cc: "internals@lists.php.net" Content-Type: multipart/alternative; boundary=001a11c14fa8c4fb15050b0f2fcc Subject: Re: [PHP-DEV] CVE-2014-8142 is not mentioned in 5.6.4 changelog From: lior.k@zend.com (Lior Kaplan) --001a11c14fa8c4fb15050b0f2fcc Content-Type: text/plain; charset=UTF-8 Fixed. http://git.php.net/?p=web/php.git;a=commitdiff;h=52cb11fca4c343f0529ceecfdc5372b49b966435 (should be refreshed on the website soon enough) On Wed, Dec 24, 2014 at 6:58 AM, Yasuo Ohgaki wrote: > Hi, > > http://php.net/ChangeLog-5.php#5.4.36 > does not mention CVE-2014-8142. > > Fixed bug #68594 (Use after free vulnerability in unserialize()). > should be > Fixed bug #68594 (Use after free vulnerability in > unserialize())(CVE-2014-8142). > like 5.5/5.4's changelog. > > Regards, > > -- > Yasuo Ohgaki > yohgaki@ohgaki.net > --001a11c14fa8c4fb15050b0f2fcc--