FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
5def3175-f3f9-4476-ba40-b46627cc638c | PHP5 -- Integer overflow in Calendar module

The PHP development team reports:

Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.


Discovery 2013-05-22
Entry 2013-07-16
php5
>= 5.4.0, < 5.4.16

php53
< 5.3.26

CVE-2013-4635
https://bugs.php.net/bug.php?id=64895
59e7163c-cf84-11e2-907b-0025905a4770 | php5 -- Heap based buffer overflow in quoted_printable_encode

The PHP development team reports:

A Heap-based buffer overflow flaw was found in the php quoted_printable_encode() function. A remote attacker could use this flaw to cause php to crash or execute arbitrary code with the permission of the user running php.


Discovery 2013-06-06
Entry 2013-06-07
php5
< 5.4.16

php53
< 5.3.26

CVE-2013-2110
https://bugzilla.redhat.com/show_bug.cgi?id=964969
742563d4-d776-11e4-b595-4061861086c1 | Several vulnerabilities found in PHP

The PHP project reports:

The PHP development team announces the immediate availability of PHP 5.6.7. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 5.5.23. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.5 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 5.4.39. Six security-related bugs were fixed in this release, including CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.4 users are encouraged to upgrade to this version.


Discovery 2015-03-19
Entry 2015-04-01
php53
<= 5.3.29_5

php5
< 5.4.39

php55
< 5.5.23

php56
< 5.6.7

http://php.net/archive/2015.php#id2015-03-20-2
CVE-2015-0231
CVE-2015-2305
CVE-2015-2311
ports/198739
7fe7df75-6568-11e6-a590-14dae9d210b8 | End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.


Discovery 2016-08-18
Entry 2016-08-18
Modified 2016-10-18
python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15
>= 0

php54
php53
php52
php5
php4
>= 0

perl5
< 5.18

perl5.16
perl5.14
perl5.12
perl
>= 0

ruby
ruby_static
< 2.1,1

unifi2
unifi3
>= 0

apache21
apache20
apache13
>= 0

tomcat55
tomcat41
>= 0

mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server
>= 0

postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server
>= 0

ports/211975
d2a892b9-2605-11e4-9da0-00a0986f28c4 | PHP multiple vulnerabilities

The PHP Team reports:

insecure temporary file use in the configure script

unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion

Heap buffer over-read in DateInterval

fileinfo: cdf_read_short_sector insufficient boundary check

fileinfo: CDF infinite loop in nelements DoS

fileinfo: numerous file_printf calls resulting in performance degradation

Fix potential segfault in dns_check_record()


Discovery 2014-08-14
Entry 2014-08-18
php53
< 5.3.29

CVE-2013-6712
CVE-2014-0207
CVE-2014-0237
CVE-2014-0238
CVE-2014-3515
CVE-2014-3981
CVE-2014-4049
http://php.net/ChangeLog-5.php#5.3.29
https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89 | php -- potential overflow in _php_stream_scandir

The PHP Development Team reports:

The release of PHP 5.4.15 and 5.4.5 fixes a potential overflow in _php_stream_scandir.


Discovery 2012-07-19
Entry 2012-07-23
Modified 2013-01-15
php5
> 5.4, < 5.4.5

>= 5.3, < 5.3.15

>= 5.2, < 5.2.17_10

php53
< 5.3.15

php52
< 5.2.17_10

CVE-2012-2688
http://www.php.net/archive/2012.php#id2012-07-19-1
1d23109a-9005-11e2-9602-d43d7e0c7c02 | php5 -- Multiple vulnerabilities

The PHP development team reports:

PHP does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory.

The SOAP parser in PHP allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.


Discovery 2013-03-04
Entry 2013-03-18
php5
< 5.4.13

php53
< 5.3.23

CVE-2013-1643
CVE-2013-1635
47b4e713-6513-11e3-868f-0025905a4771 | PHP5 -- memory corruption in openssl_x509_parse()

Stefan Esser reports:

The PHP function openssl_x509_parse() uses a helper function called asn1_time_to_time_t() to convert timestamps from ASN1 string format into integer timestamp values. The parser within this helper function is not binary safe and can therefore be tricked to write up to five NUL bytes outside of an allocated buffer.

This problem can be triggered by x509 certificates that contain NUL bytes in their notBefore and notAfter timestamp fields and leads to a memory corruption that might result in arbitrary code execution.

Depending on how openssl_x509_parse() is used within a PHP application the attack requires either a malicious cert signed by a compromised/malicious CA or can be carried out with a self-signed cert.


Discovery 2013-12-13
Entry 2013-12-14
php5
>= 5.4.0, < 5.4.23

php53
< 5.3.28

php55
>= 5.5.0, < 5.5.7

CVE-2013-6420
https://www.sektioneins.de/advisories/advisory-012013-php-openssl_x509_parse-memory-corruption-vulnerability.html
31b145f2-d9d3-49a9-8023-11cf742205dc | PHP5 -- Heap corruption in XML parser

The PHP development team reports:

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct function.


Discovery 2013-07-10
Entry 2013-07-16
php53
< 5.3.27

CVE-2013-4113
https://bugs.php.net/bug.php?id=65236