CVE-2014-8142 is not mentioned in 5.6.4 changelog

9 years ago by Yasuo Ohgaki — view source

unread

Hi,

http://php.net/ChangeLog-5.php#5.4.36
does not mention CVE-2014-8142.

Fixed bug #68594 (Use after free vulnerability in unserialize()).
should be
Fixed bug #68594 (Use after free vulnerability in
unserialize())(CVE-2014-8142).
like 5.5/5.4's changelog.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net

9 years ago by Lior Kaplan — view source

unread

Fixed.

http://git.php.net/?p=web/php.git;a=commitdiff;h=52cb11fca4c343f0529ceecfdc5372b49b966435

(should be refreshed on the website soon enough)

Hi,

http://php.net/ChangeLog-5.php#5.4.36
does not mention CVE-2014-8142.

Fixed bug #68594 (Use after free vulnerability in unserialize()).
should be
Fixed bug #68594 (Use after free vulnerability in
unserialize())(CVE-2014-8142).
like 5.5/5.4's changelog.

Regards,

--
Yasuo Ohgaki
yohgaki@ohgaki.net