cve

Differences

This shows you the differences between two versions of the page.

cve [2019/04/29 03:43] stascve [2019/07/08 00:21] stas
Line 12: Line 12:
   - Read the issues and ensure the vulnerability needs a CVE. Refer to https://wiki.php.net/security for guidance. The rules of thumb are:   - Read the issues and ensure the vulnerability needs a CVE. Refer to https://wiki.php.net/security for guidance. The rules of thumb are:
      * What usually needs a CVE: an issue where remote user gets to read what is not supposed to be read, write what is not supposed to be written, crash what is not supp... you get the idea.      * What usually needs a CVE: an issue where remote user gets to read what is not supposed to be read, write what is not supposed to be written, crash what is not supp... you get the idea.
-     * What usually does not need a CVE: configuration issues, security enhancements not linked to a specific vulnerability, issues requiring code execution access, issues triggered by code/configuration known to be insecure, issues in non-release versions (e.g. master), third-party library issues (may be still issued CVE but not by us)+     * What usually does not need a CVE: configuration issues, security enhancements not linked to a specific vulnerability, issues requiring code execution access, issues triggered by code/configuration known to be insecure or unreachable, issues in non-release versions (e.g. master), third-party library issues (may be still issued CVEbut not by us).
   - Take first item from the list of unallocated IDs below, and move it to the list of allocated IDs together with the bug ID   - Take first item from the list of unallocated IDs below, and move it to the list of allocated IDs together with the bug ID
-  - If there's no unallocated IDs left, use "needed" in CVE field of the bug and notify security@php.net that newCVE number allocation is needed. We'll be watching the number of available ones and allocate more on need, but if certain release's bug harvest is particularly bountiful, they may run out quicker then expected. +  - If there's no unallocated IDs left, use "needed" in CVE field of the bug and notify security@php.net that new CVE number allocation is needed. We'll be watching the number of available ones and allocate more on need, but if certain release's bug harvest is particularly bountiful, they may run out quicker then expected. 
   - Edit the bug and add CVE id to the issue   - Edit the bug and add CVE id to the issue
   - Once the bug is fixed, add the CVE number selected to the bug fix to the release notes (NEWS).   - Once the bug is fixed, add the CVE number selected to the bug fix to the release notes (NEWS).
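Review bot: The added "or unreachable" in the "What usually does not need a CVE" bullet is ambiguous as worded, because "code/configuration known to be insecure or unreachable" does not say unreachable by whom or by what input. Suggest spelling it out, for example "code that cannot be reached by a remote user", so triagers apply the same test as the "remote user" rule in the bullet above. Two smaller points on the same hunk: the new side of that bullet reads "CVEbut not by us", which needs a space, and the "needed" bullet was touched to fix "newCVE" but still says "quicker then expected", which should be "than".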
Line 46: Line 46:
 | CVE-2019-11035  |  https://bugs.php.net/77831    | | CVE-2019-11035  |  https://bugs.php.net/77831    |
 | CVE-2019-11036  |  https://bugs.php.net/77950    | | CVE-2019-11036  |  https://bugs.php.net/77950    |
 +| CVE-2019-11037  |  https://bugs.php.net/77791     | 
 +| CVE-2019-11038  |  https://bugs.php.net/77973    | 
 +| CVE-2019-11039  |  https://bugs.php.net/78069   | 
 +| CVE-2019-11040  |  https://bugs.php.net/77988   | 
 +| CVE-2019-11041  |  https://bugs.php.net/78222   | 
 +| CVE-2019-11042  |  https://bugs.php.net/78256   |
  
 ===== Unallocated ===== ===== Unallocated =====
 <file> <file>
-CVE-2019-11037   
-CVE-2019-11038   
-CVE-2019-11039   
-CVE-2019-11040   
-CVE-2019-11041   
-CVE-2019-11042   
 CVE-2019-11043   CVE-2019-11043  
 CVE-2019-11044   CVE-2019-11044  
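Review bot: After the six removals from the Unallocated block, the visible context shows only CVE-2019-11043 and CVE-2019-11044 left. If the list ends there, this edit is the point at which to request a new block from security@php.net, as the procedure above describes, rather than waiting for a bug to be marked "needed". Minor: the added table rows have uneven cell padding (the 77791 row carries an extra space compared with the 77973 row, and both differ from the existing 77831 and 77950 rows); matching the existing rows keeps the table source aligned.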
cve.txt · Last modified: 2022/10/24 00:45 by stas