FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-07-06 08:50:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2ac2ddc2-0051-11f0-8673-f02f7432cf97	php -- Multiple vulnerabilities php.net reports: CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). CVE-2025-1736: Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). CVE-2025-1861: Streams: Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). CVE-2025-1734: Streams: Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). CVE-2025-1217: Streams: Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). Discovery 2025-03-13 Entry 2025-03-13 php81 < 8.1.32 php82 < 8.2.28 php83 < 8.3.19 php84 < 8.4.5 CVE-2024-11235 CVE-2025-1219 CVE-2025-1736 CVE-2025-1861 CVE-2025-1734 CVE-2025-1217 https://www.php.net/ChangeLog-8.php
d607b12c-5821-11f0-ab92-f02f7497ecda	php -- Multiple vulnerabilities php.net reports: CVE-2025-1735: pgsql extension does not check for errors during escaping CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CVE-2025-1220: Null byte termination in hostnames Discovery 2025-02-27 Entry 2025-07-03 php81 < 8.1.33 php82 < 8.2.29 php83 < 8.3.23 php84 < 8.4.10 CVE-2025-1735 CVE-2025-6491 CVE-2025-1220

VuXML ID

Description

2ac2ddc2-0051-11f0-8673-f02f7432cf97

php -- Multiple vulnerabilities

php.net reports:

CVE-2024-11235: Core: Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free).

CVE-2025-1219: LibXML: Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource).

CVE-2025-1736: Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header).

CVE-2025-1861: Streams: Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes).

CVE-2025-1734: Streams: Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon).

CVE-2025-1217: Streams: Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers).

Discovery 2025-03-13
Entry 2025-03-13
php81

< 8.1.32

php82

< 8.2.28

php83

< 8.3.19

php84

< 8.4.5

CVE-2024-11235
CVE-2025-1219
CVE-2025-1736
CVE-2025-1861
CVE-2025-1734
CVE-2025-1217
https://www.php.net/ChangeLog-8.php

d607b12c-5821-11f0-ab92-f02f7497ecda

php -- Multiple vulnerabilities

php.net reports:

CVE-2025-1735: pgsql extension does not check for errors during escaping

CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix

CVE-2025-1220: Null byte termination in hostnames

Discovery 2025-02-27
Entry 2025-07-03
php81

< 8.1.33

php82

< 8.2.29

php83

< 8.3.23

php84

< 8.4.10

CVE-2025-1735
CVE-2025-6491
CVE-2025-1220