FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374986
Date:      2014-12-20
Time:      00:21:30Z
Committer: delphij

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
71d903fc-602d-11dc-898c-001921ab2fa4php -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.4:

  • Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
  • Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
  • Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
  • Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
  • Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
  • Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
  • Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)
  • Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
  • Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
  • Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
  • Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
  • Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
  • Improved fix for MOPB-03-2007.
  • Corrected fix for CVE-2007-2872.

Discovery 2007-08-30
Entry 2007-09-11
Modified 2008-01-14
php5
lt 5.2.4

php4
lt 4.4.8

CVE-2007-2872
CVE-2007-3378
CVE-2007-3806
CVE-2007-3996
CVE-2007-3997
CVE-2007-3998
CVE-2007-4652
CVE-2007-4657
CVE-2007-4658
CVE-2007-4659
CVE-2007-4660
CVE-2007-4661
CVE-2007-4662
CVE-2007-4663
CVE-2007-4670
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_4.php
http://secunia.com/advisories/26642
f5e52bf5-fc77-11db-8163-000e0c2e438aphp -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

  • Fixed CVE-2007-1001, GD wbmp used with invalid image size
  • Fixed asciiz byte truncation inside mail()
  • Fixed a bug in mb_parse_str() that can be used to activate register_globals
  • Fixed unallocated memory access/double free in in array_user_key_compare()
  • Fixed a double free inside session_regenerate_id()
  • Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
  • Limit nesting level of input variables with max_input_nesting_level as fix for.
  • Fixed CRLF injection inside ftp_putcmd().
  • Fixed a possible super-global overwrite inside import_request_variables().
  • Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library.

Security Enhancements and Fixes in PHP 5.2.2 only:

  • Fixed a header injection via Subject and To parameters to the mail() function
  • Fixed wrong length calculation in unserialize S type.
  • Fixed substr_compare and substr_count information leak.
  • Fixed a remotely trigger-able buffer overflow inside make_http_soap_request().
  • Fixed a buffer overflow inside user_filter_factory_create().

Security Enhancements and Fixes in PHP 4.4.7 only:

  • XSS in phpinfo()

Discovery 2007-05-03
Entry 2007-05-07
Modified 2014-04-01
php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5
lt 5.2.2

php4-odbc
php4-session
php4-shmop
php4-wddx
php4
lt 4.4.7

mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms
ge 4 lt 4.4.7

ge 5 lt 5.2.2

CVE-2007-1001
http://www.php.net/releases/4_4_7.php
http://www.php.net/releases/5_2_2.php
f5e52bf5-fc77-11db-8163-000e0c2e438aphp -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

  • Fixed CVE-2007-1001, GD wbmp used with invalid image size
  • Fixed asciiz byte truncation inside mail()
  • Fixed a bug in mb_parse_str() that can be used to activate register_globals
  • Fixed unallocated memory access/double free in in array_user_key_compare()
  • Fixed a double free inside session_regenerate_id()
  • Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
  • Limit nesting level of input variables with max_input_nesting_level as fix for.
  • Fixed CRLF injection inside ftp_putcmd().
  • Fixed a possible super-global overwrite inside import_request_variables().
  • Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library.

Security Enhancements and Fixes in PHP 5.2.2 only:

  • Fixed a header injection via Subject and To parameters to the mail() function
  • Fixed wrong length calculation in unserialize S type.
  • Fixed substr_compare and substr_count information leak.
  • Fixed a remotely trigger-able buffer overflow inside make_http_soap_request().
  • Fixed a buffer overflow inside user_filter_factory_create().

Security Enhancements and Fixes in PHP 4.4.7 only:

  • XSS in phpinfo()

Discovery 2007-05-03
Entry 2007-05-07
Modified 2014-04-01
php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5
lt 5.2.2

php4-odbc
php4-session
php4-shmop
php4-wddx
php4
lt 4.4.7

mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms
ge 4 lt 4.4.7

ge 5 lt 5.2.2

CVE-2007-1001
http://www.php.net/releases/4_4_7.php
http://www.php.net/releases/5_2_2.php
60de13d5-95f0-11e1-806a-001143cd36d8php -- vulnerability in certain CGI-based setups

php development team reports:

Security Enhancements and Fixes in PHP 5.3.12:

  • Initial fix for cgi-bin ?-s cmdarg parse issue (CVE-2012-1823)

Discovery 2012-05-03
Entry 2012-05-05
php5
gt 5.4 lt 5.4.2

lt 5.3.12

php53
lt 5.3.12

php4
lt 4.4.10

php52
lt 5.2.17_8

CVE-2012-1823
71d903fc-602d-11dc-898c-001921ab2fa4php -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.4:

  • Fixed a floating point exception inside wordwrap() (Reported by Mattias Bengtsson)
  • Fixed several integer overflows inside the GD extension (Reported by Mattias Bengtsson)
  • Fixed size calculation in chunk_split() (Reported by Gerhard Wagner)
  • Fixed integer overflow in str[c]spn(). (Reported by Mattias Bengtsson)
  • Fixed money_format() not to accept multiple %i or %n tokens. (Reported by Stanislav Malyshev)
  • Fixed zend_alter_ini_entry() memory_limit interruption vulnerability. (Reported by Stefan Esser)
  • Fixed INFILE LOCAL option handling with MySQL extensions not to be allowed when open_basedir or safe_mode is active. (Reported by Mattias Bengtsson)
  • Fixed session.save_path and error_log values to be checked against open_basedir and safe_mode (CVE-2007-3378) (Reported by Maksymilian Arciemowicz)
  • Fixed a possible invalid read in glob() win32 implementation (CVE-2007-3806) (Reported by shinnai)
  • Fixed a possible buffer overflow in php_openssl_make_REQ (Reported by zatanzlatan at hotbrev dot com)
  • Fixed an open_basedir bypass inside glob() function (Reported by dr at peytz dot dk)
  • Fixed a possible open_basedir bypass inside session extension when the session file is a symlink (Reported by c dot i dot morris at durham dot ac dot uk)
  • Improved fix for MOPB-03-2007.
  • Corrected fix for CVE-2007-2872.

Discovery 2007-08-30
Entry 2007-09-11
Modified 2008-01-14
php5
lt 5.2.4

php4
lt 4.4.8

CVE-2007-2872
CVE-2007-3378
CVE-2007-3806
CVE-2007-3996
CVE-2007-3997
CVE-2007-3998
CVE-2007-4652
CVE-2007-4657
CVE-2007-4658
CVE-2007-4659
CVE-2007-4660
CVE-2007-4661
CVE-2007-4662
CVE-2007-4663
CVE-2007-4670
http://www.php.net/releases/4_4_8.php
http://www.php.net/releases/5_2_4.php
http://secunia.com/advisories/26642
60de13d5-95f0-11e1-806a-001143cd36d8php -- vulnerability in certain CGI-based setups

php development team reports:

Security Enhancements and Fixes in PHP 5.3.12:

  • Initial fix for cgi-bin ?-s cmdarg parse issue (CVE-2012-1823)

Discovery 2012-05-03
Entry 2012-05-05
php5
gt 5.4 lt 5.4.2

lt 5.3.12

php53
lt 5.3.12

php4
lt 4.4.10

php52
lt 5.2.17_8

CVE-2012-1823