FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371119
Date:      2014-10-18
Time:      12:52:26Z
Committer: kwm

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
71d903fc-602d-11dc-898c-001921ab2fa4php -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.4:

  • Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
  • Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
  • Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
  • Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
  • Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
  • Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
  • Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)
  • Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
  • Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
  • Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
  • Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
  • Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
  • Improved fix for MOPB-03-2007.
  • Corrected fix for CVE-2007-2872.

Discovery 2007-08-30
Entry 2007-09-11
Modified 2008-01-14
php5
lt 5.2.4

php4
lt 4.4.8

CVE-2007-2872
CVE-2007-3378
CVE-2007-3806
CVE-2007-3996
CVE-2007-3997
CVE-2007-3998
CVE-2007-4652
CVE-2007-4657
CVE-2007-4658
CVE-2007-4659
CVE-2007-4660
CVE-2007-4661
CVE-2007-4662
CVE-2007-4663
CVE-2007-4670
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_4.php
http://secunia.com/advisories/26642
60de13d5-95f0-11e1-806a-001143cd36d8php -- vulnerability in certain CGI-based setups

php development team reports:

Security Enhancements and Fixes in PHP 5.3.12:

  • Initial fix for cgi-bin ?-s cmdarg parse issue (CVE-2012-1823)

Discovery 2012-05-03
Entry 2012-05-05
php5
gt 5.4 lt 5.4.2

lt 5.3.12

php53
lt 5.3.12

php4
lt 4.4.10

php52
lt 5.2.17_8

CVE-2012-1823
71d903fc-602d-11dc-898c-001921ab2fa4php -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.4:

  • Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
  • Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
  • Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
  • Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
  • Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
  • Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
  • Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)
  • Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
  • Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
  • Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
  • Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
  • Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
  • Improved fix for MOPB-03-2007.
  • Corrected fix for CVE-2007-2872.

Discovery 2007-08-30
Entry 2007-09-11
Modified 2008-01-14
php5
lt 5.2.4

php4
lt 4.4.8

CVE-2007-2872
CVE-2007-3378
CVE-2007-3806
CVE-2007-3996
CVE-2007-3997
CVE-2007-3998
CVE-2007-4652
CVE-2007-4657
CVE-2007-4658
CVE-2007-4659
CVE-2007-4660
CVE-2007-4661
CVE-2007-4662
CVE-2007-4663
CVE-2007-4670
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_4.php
http://secunia.com/advisories/26642
60de13d5-95f0-11e1-806a-001143cd36d8php -- vulnerability in certain CGI-based setups

php development team reports:

Security Enhancements and Fixes in PHP 5.3.12:

  • Initial fix for cgi-bin ?-s cmdarg parse issue (CVE-2012-1823)

Discovery 2012-05-03
Entry 2012-05-05
php5
gt 5.4 lt 5.4.2

lt 5.3.12

php53
lt 5.3.12

php4
lt 4.4.10

php52
lt 5.2.17_8

CVE-2012-1823