FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  518000
Date:      2019-11-20
Time:      10:57:40Z
Committer: zeising

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
de7a2b32-bd7d-11e7-b627-d43d7e971a1bPHP -- denial of service attack

The PHP project reports:

The PHP development team announces the immediate availability of PHP 5.6.32. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.25. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.1.11. This is a bugfix release, with several bug fixes included. All PHP 7.1 users are encouraged to upgrade to this version.


Discovery 2017-10-26
Entry 2017-10-30
Modified 2017-11-14
php56
lt 5.6.32

php70
lt 7.0.25

php71
lt 7.1.11

http://php.net/archive/2017.php#id2017-10-26-3
http://php.net/archive/2017.php#id2017-10-26-1
http://php.net/archive/2017.php#id2017-10-27-1
CVE-2016-1283
b6402385-533b-11e6-a7bd-14dae9d210b8php -- multiple vulnerabilities

PHP reports:

  • Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

  • Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).

  • Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).

  • Fixed bug #72519 (imagegif/output out-of-bounds access).

  • Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).

  • Fixed bug #72533 (locale_accept_from_http out-of-bounds access).

  • Fixed bug #72541 (size_t overflow lead to heap corruption).

  • Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).

  • Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).

  • Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).

  • Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).

  • Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).

  • Fixed bug #72613 (Inadequate error handling in bzread()).

  • Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).


Discovery 2016-07-21
Entry 2016-07-26
php55
lt 5.5.38

php56
lt 5.6.24

php70
lt 7.0.9

php70-curl
lt 7.0.9

php55-bz2
lt 5.5.38

php56-bz2
lt 5.6.24

php70-bz2
lt 7.0.9

php55-exif
lt 5.5.38

php56-exif
lt 5.6.24

php70-exif
lt 7.0.9

php55-gd
lt 5.5.38

php56-gd
lt 5.6.24

php70-gd
lt 7.0.9

php70-mcrypt
lt 7.0.9

php55-odbc
lt 5.5.38

php56-odbc
lt 5.6.24

php70-odbc
lt 7.0.9

php55-snmp
lt 5.5.38

php56-snmp
lt 5.6.24

php70-snmp
lt 7.0.9

php55-xmlrpc
lt 5.5.38

php56-xmlrpc
lt 5.6.24

php70-xmlrpc
lt 7.0.9

php55-zip
lt 5.5.38

php56-zip
lt 5.6.24

php70-zip
lt 7.0.9

http://www.php.net/ChangeLog-5.php#5.5.38
http://www.php.net/ChangeLog-5.php#5.6.24
http://www.php.net/ChangeLog-7.php#7.0.8
http://seclists.org/oss-sec/2016/q3/121
CVE-2015-8879
CVE-2016-5385
CVE-2016-5399
CVE-2016-6288
CVE-2016-6289
CVE-2016-6290
CVE-2016-6291
CVE-2016-6292
CVE-2016-6294
CVE-2016-6295
CVE-2016-6296
CVE-2016-6297
8d5180a6-86fe-11e6-8d93-00248c0c745dPHP -- multiple vulnerabilities

PHP reports:

  • Fixed bug #73007 (add locale length check)

  • Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)

  • Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)

  • Fixed bug #73029 (Missing type check when unserializing SplArray)

  • Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)

  • Fixed bug #72860 (wddx_deserialize use-after-free)

  • Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)


Discovery 2016-09-16
Entry 2016-09-30
php56
lt 5.6.26

http://php.net/ChangeLog-5.php#5.6.26
CVE-2016-7416
CVE-2016-7412
CVE-2016-7414
CVE-2016-7417
CVE-2016-7411
CVE-2016-7413
CVE-2016-7418
2d56308b-c0a8-11e6-a9a5-b499baebfeafPHP -- Multiple vulnerabilities

The PHP project reports:

This is a security release. Several security bugs were fixed in this release.


Discovery 2016-12-12
Entry 2016-12-12
php56
lt 5.6.29

php70
lt 7.0.14

http://php.net/archive/2016.php#id2016-12-08-1
http://php.net/archive/2016.php#id2016-12-08-2
709e025a-de8b-11e6-a9a5-b499baebfeafPHP -- undisclosed vulnerabilities

The PHP project reports:

The PHP development team announces the immediate availability of PHP 7.0.15. This is a security release. Several security bugs were fixed in this release.

The PHP development team announces the immediate availability of PHP 5.6.30. This is a security release. Several security bugs were fixed in this release.


Discovery 2017-01-19
Entry 2017-01-19
Modified 2017-01-20
php56
lt 5.6.30

php70
lt 7.0.15

http://php.net/archive/2017.php#id2017-01-19-2
http://php.net/archive/2017.php#id2017-01-19-3