Adding CVE-2019-11043 with fixed versions 7.1.32 and 7.3.9. #33
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…te again once the threat level and summary has been released
|
Thanks for the submission! So, do you want to just let me know on here when this is updated and I can handle that merge? |
|
Yes, I'll commit & comment once the missing details have been updated. |
|
This is kinda odd where there is still not an official entry days after the initial release and patch. I wonder if there is an argument to be made where the |
|
@enygma this is ready to merge |
|
@enygma - would you consider giving me merge privileges on this repo? |
|
I can merge this for now. I'll defer to @enygma on granting merge privileges. (IMO the more help the better but this isn't my repo 😛) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding
CVE-2019-11043with fixed versions 7.1.32 and 7.3.9. The CVE hasn't been published in a CVE database yet, so I'll update this pull request with the appropriate threat level and summary once its been published. This CVE allows remote code execution, so I expect it to have a high rating, but it does require a specific NGINX configuration to be exploitable.Watching:
Bug: http://bugs.php.net/78599
I'd also like to take a minute to point out that I would still be interested in implementing #32 if there is still any interest in maintaining this project or allowing others to continue the maintenance.