FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  567419
Date:      2021-03-05
Time:      21:18:20Z
Committer: mfechner

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8b1f53f3-2da5-11e5-86ff-14dae9d210b8php-phar -- multiple vulnerabilities

reports:

Segfault in Phar::convertToData on invalid file.

Buffer overflow and stack smashing error in phar_fix_filepath.


Discovery 2015-06-24
Entry 2015-07-18
Modified 2015-12-18
php56-phar
lt 5.6.11

php55-phar
lt 5.5.27

php5-phar
lt 5.4.43

http://seclists.org/oss-sec/2015/q3/141
https://bugs.php.net/bug.php?id=69958
http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
https://bugs.php.net/bug.php?id=69923
http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
CVE-2015-5589
CVE-2015-5590
e991ef79-e920-11e5-92ce-002590263bf5php5 -- multiple vulnerabilities

The PHP Group reports:

  • Phar:
    • Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()).
  • WDDX:
    • Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize).

Discovery 2016-03-03
Entry 2016-03-13
php55-phar
php55-wddx
lt 5.5.33

php56-phar
php56-wddx
lt 5.6.19

http://php.net/ChangeLog-5.php#5.6.19
http://php.net/ChangeLog-5.php#5.5.33
c1da8b75-6aef-11e5-9909-002590263bf5php -- multiple vulnerabilities

PHP reports:

Phar:

  • Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()).
  • Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/").

Discovery 2015-10-01
Entry 2015-10-04
Modified 2015-10-12
php5-phar
le 5.4.45

php55-phar
lt 5.5.30

php56-phar
lt 5.6.14

ports/203541
CVE-2015-7803
CVE-2015-7804
http://php.net/ChangeLog-5.php#5.5.30
http://php.net/ChangeLog-5.php#5.6.14
482d40cb-f9a3-11e5-92ce-002590263bf5php -- multiple vulnerabilities

The PHP Group reports:

  • Fileinfo:
    • Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file).
  • mbstring:
    • Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut).
  • Phar:
    • Fixed bug #71860 (Invalid memory write in phar on filename with \0 in name).
  • SNMP:
    • Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
  • Standard:
    • Fixed bug #71798 (Integer Overflow in php_raw_url_encode).

Discovery 2016-03-31
Entry 2016-04-03
php70
php70-fileinfo
php70-mbstring
php70-phar
php70-snmp
lt 7.0.5

php56
php56-fileinfo
php56-mbstring
php56-phar
php56-snmp
lt 5.6.20

php55
php55-fileinfo
php55-mbstring
php55-phar
php55-snmp
lt 5.5.34

ports/208465
http://php.net/ChangeLog-7.php#7.0.5
http://php.net/ChangeLog-5.php#5.6.20
http://php.net/ChangeLog-5.php#5.5.34
85eb4e46-cf16-11e5-840f-485d605f4717php -- multiple vulnerabilities

PHP reports:

  • Core:
    • Fixed bug #71039 (exec functions ignore length but look for NULL termination).
    • Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input).
    • Fixed bug #71459 (Integer overflow in iptcembed()).
  • PCRE:
    • Upgraded bundled PCRE library to 8.38.(CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
  • Phar:
    • Fixed bug #71354 (Heap corruption in tar/zip/phar parser).
    • Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
    • Fixed bug #71488 (Stack overflow when decompressing tar archives). (CVE-2016-2554)
  • WDDX:
    • Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).

Discovery 2016-02-04
Entry 2016-02-09
Modified 2016-03-13
php55
php55-phar
php55-wddx
lt 5.5.32

php56
php56-phar
php56-wddx
lt 5.6.18

CVE-2015-8383
CVE-2015-8386
CVE-2015-8387
CVE-2015-8389
CVE-2015-8390
CVE-2015-8391
CVE-2015-8393
CVE-2015-8394
CVE-2016-2554
http://php.net/ChangeLog-5.php#5.6.18
http://php.net/ChangeLog-5.php#5.5.32
787ef75e-44da-11e5-93ad-002590263bf5php5 -- multiple vulnerabilities

The PHP project reports:

Core:

  • Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
  • Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).

OpenSSL:

  • Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).

Phar:

  • Improved fix for bug #69441.
  • Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).

SOAP:

  • Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).

SPL:

  • Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).
  • Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).
  • Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).
  • Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).

Discovery 2015-08-06
Entry 2015-08-17
Modified 2015-09-08
php5
php5-openssl
php5-phar
php5-soap
lt 5.4.44

php55
php55-openssl
php55-phar
php55-soap
lt 5.5.28

php56
php56-openssl
php56-phar
php56-soap
lt 5.6.12

http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833
6b110175-246d-11e6-8dd3-002590263bf5php -- multiple vulnerabilities

The PHP Group reports:

  • Core:
    • Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)
    • Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094) (PHP 5.5/5.6 only)
  • GD:
    • Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
  • Intl:
    • Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
  • Phar:
    • Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)

Discovery 2016-05-26
Entry 2016-05-28
php70-gd
php70-intl
lt 7.0.7

php56
php56-gd
lt 5.6.22

php55
php55-gd
php55-phar
lt 5.5.36

CVE-2016-5096
CVE-2016-5094
CVE-2013-7456
CVE-2016-5093
CVE-2016-4343
ports/209779
http://php.net/ChangeLog-7.php#7.0.7
http://php.net/ChangeLog-5.php#5.6.22
http://php.net/ChangeLog-5.php#5.5.36