FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3d675519-5654-11e5-9ad8-14dae9d210b8php -- multiple vulnerabilities

PHP reports:

  • Core:
    • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
    • Fixed bug #70219 (Use after free vulnerability in session deserializer).
  • EXIF:
    • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
  • hash:
    • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
  • PCRE:
    • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
  • SOAP:
    • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
  • SPL:
    • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
    • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
  • XSLT:
    • Fixed bug #69782 (NULL pointer dereference).
  • ZIP:
    • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

Discovery 2015-09-03
Entry 2015-09-08
Modified 2015-09-08
php5
php5-soap
php5-xsl
lt 5.4.45

php55
php55-soap
php55-xsl
lt 5.5.29

php56
php56-soap
php56-xsl
lt 5.6.13

http://php.net/ChangeLog-5.php#5.4.45
http://php.net/ChangeLog-5.php#5.5.29
http://php.net/ChangeLog-5.php#5.6.13
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838