FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d3921810-3c80-11e1-97e8-00215c6a37bbphp -- multiple vulnerabilities

php development team reports:

Security Enhancements and Fixes in PHP 5.3.9:

  • Added max_input_vars directive to prevent attacks based on hash collisions. (CVE-2011-4885)
  • Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (CVE-2011-4566)

Discovery 2011-12-29
Entry 2012-01-11
Modified 2012-01-19
php5
php5-exif
lt 5.3.9

php52
lt 5.2.17_5

php52-exif
lt 5.2.17_6

CVE-2011-4566
CVE-2011-4885
http://www.nruns.com/_downloads/advisory28122011.pdf
cc3bfec6-56cd-11e0-9668-001fd0d616cfphp -- crash on crafted tag in exif

US-CERT/NIST reports:

exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read.


Discovery 2011-03-20
Entry 2011-03-25
php5-exif
lt 5.3.6

CVE-2011-0708