FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
2d56308b-c0a8-11e6-a9a5-b499baebfeaf  PHP -- Multiple vulnerabilities

The PHP project reports:

This is a security release. Several security bugs were fixed in this release.


Discovery 2016-12-12
Entry 2016-12-12
php56 < 5.6.29
php70 < 7.0.14

http://php.net/archive/2016.php#id2016-12-08-1
http://php.net/archive/2016.php#id2016-12-08-2

de7a2b32-bd7d-11e7-b627-d43d7e971a1b  PHP -- denial of service attack

The PHP project reports:

The PHP development team announces the immediate availability of PHP 5.6.32. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.25. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.1.11. This is a bugfix release, with several bug fixes included. All PHP 7.1 users are encouraged to upgrade to this version.


Discovery 2017-10-26
Entry 2017-10-30
Modified 2017-11-14
php56 < 5.6.32
php70 < 7.0.25
php71 < 7.1.11

http://php.net/archive/2017.php#id2017-10-26-3
http://php.net/archive/2017.php#id2017-10-26-1
http://php.net/archive/2017.php#id2017-10-27-1
CVE-2016-1283

b6402385-533b-11e6-a7bd-14dae9d210b8  php -- multiple vulnerabilities

PHP reports:

  • Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

  • Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).

  • Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).

  • Fixed bug #72519 (imagegif/output out-of-bounds access).

  • Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).

  • Fixed bug #72533 (locale_accept_from_http out-of-bounds access).

  • Fixed bug #72541 (size_t overflow lead to heap corruption).

  • Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).

  • Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).

  • Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).

  • Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).

  • Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).

  • Fixed bug #72613 (Inadequate error handling in bzread()).

  • Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).


Discovery 2016-07-21
Entry 2016-07-26
php55 < 5.5.38
php56 < 5.6.24
php70 < 7.0.9
php70-curl < 7.0.9
php55-bz2 < 5.5.38
php56-bz2 < 5.6.24
php70-bz2 < 7.0.9
php55-exif < 5.5.38
php56-exif < 5.6.24
php70-exif < 7.0.9
php55-gd < 5.5.38
php56-gd < 5.6.24
php70-gd < 7.0.9
php70-mcrypt < 7.0.9
php55-odbc < 5.5.38
php56-odbc < 5.6.24
php70-odbc < 7.0.9
php55-snmp < 5.5.38
php56-snmp < 5.6.24
php70-snmp < 7.0.9
php55-xmlrpc < 5.5.38
php56-xmlrpc < 5.6.24
php70-xmlrpc < 7.0.9
php55-zip < 5.5.38
php56-zip < 5.6.24
php70-zip < 7.0.9

http://www.php.net/ChangeLog-5.php#5.5.38
http://www.php.net/ChangeLog-5.php#5.6.24
http://www.php.net/ChangeLog-7.php#7.0.8
http://seclists.org/oss-sec/2016/q3/121
CVE-2015-8879
CVE-2016-5385
CVE-2016-5399
CVE-2016-6288
CVE-2016-6289
CVE-2016-6290
CVE-2016-6291
CVE-2016-6292
CVE-2016-6294
CVE-2016-6295
CVE-2016-6296
CVE-2016-6297

6972668d-cdb7-11e6-a9a5-b499baebfeaf  PHP -- multiple vulnerabilities

The PHP project reports:

  • Use After Free Vulnerability in unserialize() (CVE-2016-9936)
  • Invalid read when wddx decodes empty boolean element (CVE-2016-9935)

Discovery 2016-12-08
Entry 2016-12-29
php70 < 7.0.14

http://php.net/ChangeLog-7.php#7.0.14
CVE-2016-9935
CVE-2016-9936

f471032a-8700-11e6-8d93-00248c0c745d  PHP -- multiple vulnerabilities

PHP reports:

  • Fixed bug #73007 (add locale length check)

  • Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)

  • Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)

  • Fixed bug #73029 (Missing type check when unserializing SplArray)

  • Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)

  • Fixed bug #72860 (wddx_deserialize use-after-free)

  • Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)


Discovery 2016-09-15
Entry 2016-09-30
php70 < 7.0.11

http://php.net/ChangeLog-7.php#7.0.11
CVE-2016-7416
CVE-2016-7412
CVE-2016-7414
CVE-2016-7417
CVE-2016-7413
CVE-2016-7418

709e025a-de8b-11e6-a9a5-b499baebfeaf  PHP -- undisclosed vulnerabilities

The PHP project reports:

The PHP development team announces the immediate availability of PHP 7.0.15. This is a security release. Several security bugs were fixed in this release.

The PHP development team announces the immediate availability of PHP 5.6.30. This is a security release. Several security bugs were fixed in this release.


Discovery 2017-01-19
Entry 2017-01-19
Modified 2017-01-20
php56 < 5.6.30
php70 < 7.0.15

http://php.net/archive/2017.php#id2017-01-19-2
http://php.net/archive/2017.php#id2017-01-19-3

1b61ecef-cdb9-11e6-a9a5-b499baebfeaf  PHP -- multiple vulnerabilities

Check Point reports:

... discovered 3 fresh and previously unknown vulnerabilities (CVE-2016-7479, CVE-2016-7480, CVE-2016-7478) in the PHP 7 unserialize mechanism.

The first two vulnerabilities allow attackers to take full control over servers, allowing them to do anything they want with the website, from spreading malware to defacing it or stealing customer data.

The last vulnerability generates a Denial of Service attack which basically hangs the website, exhausts its memory consumption, and shuts it down.

The PHP security team issued fixes for two of the vulnerabilities on the 13th of October and 1st of December.


Discovery 2016-12-27
Entry 2016-12-29
Modified 2017-01-04
php70 < 7.0.14

http://blog.checkpoint.com/2016/12/27/check-point-discovers-three-zero-day-vulnerabilities-web-programming-language-php-7/
CVE-2016-7478
CVE-2016-7479
CVE-2016-7480