FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
af7fbd91-29a1-11e5-86ff-14dae9d210b8php -- use-after-free vulnerability

Symeon Paraschoudis reports:

Use-after-free vulnerability in spl_recursive_it_move_forward_ex()


Discovery 2015-06-30
Entry 2015-07-13
php56
< 5.6.11

php55
< 5.5.27

php5
< 5.4.43

https://bugs.php.net/bug.php?id=69970
5a1d5d74-29a0-11e5-86ff-14dae9d210b8php -- arbitrary code execution

cmb reports:

When delayed variable substitution is enabled (can be set in the Registry, for instance), !ENV! works similar to %ENV%, and the value of the environment variable ENV will be subsituted.


Discovery 2015-06-07
Entry 2015-07-13
php56
< 5.6.11

php55
< 5.5.27

php5
< 5.4.43

https://bugs.php.net/bug.php?id=69768
787ef75e-44da-11e5-93ad-002590263bf5php5 -- multiple vulnerabilities

The PHP project reports:

Core:

  • Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
  • Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).

OpenSSL:

  • Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).

Phar:

  • Improved fix for bug #69441.
  • Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).

SOAP:

  • Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).

SPL:

  • Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).
  • Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).
  • Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).
  • Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).

Discovery 2015-08-06
Entry 2015-08-17
Modified 2015-09-08
php5
php5-openssl
php5-phar
php5-soap
< 5.4.44

php55
php55-openssl
php55-phar
php55-soap
< 5.5.28

php56
php56-openssl
php56-phar
php56-soap
< 5.6.12

http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833
3d675519-5654-11e5-9ad8-14dae9d210b8php -- multiple vulnerabilities

PHP reports:

  • Core:
    • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
    • Fixed bug #70219 (Use after free vulnerability in session deserializer).
  • EXIF:
    • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
  • hash:
    • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
  • PCRE:
    • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
  • SOAP:
    • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
  • SPL:
    • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
    • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
  • XSLT:
    • Fixed bug #69782 (NULL pointer dereference).
  • ZIP:
    • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

Discovery 2015-09-03
Entry 2015-09-08
Modified 2015-09-08
php5
php5-soap
php5-xsl
< 5.4.45

php55
php55-soap
php55-xsl
< 5.5.29

php56
php56-soap
php56-xsl
< 5.6.13

http://php.net/ChangeLog-5.php#5.4.45
http://php.net/ChangeLog-5.php#5.5.29
http://php.net/ChangeLog-5.php#5.6.13
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838
7fe7df75-6568-11e6-a590-14dae9d210b8End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.


Discovery 2016-08-18
Entry 2016-08-18
Modified 2016-10-18
python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15
ge 0

php54
php53
php52
php5
php4
ge 0

perl5
< 5.18

perl5.16
perl5.14
perl5.12
perl
ge 0

ruby
ruby_static
< 2.1,1

unifi2
unifi3
ge 0

apache21
apache20
apache13
ge 0

tomcat55
tomcat41
ge 0

mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server
ge 0

postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server
ge 0

ports/211975