FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f5e52bf5-fc77-11db-8163-000e0c2e438a	php -- multiple vulnerabilities The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7: Fixed CVE-2007-1001, GD wbmp used with invalid image size Fixed asciiz byte truncation inside mail() Fixed a bug in mb_parse_str() that can be used to activate register_globals Fixed unallocated memory access/double free in in array_user_key_compare() Fixed a double free inside session_regenerate_id() Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. Limit nesting level of input variables with max_input_nesting_level as fix for. Fixed CRLF injection inside ftp_putcmd(). Fixed a possible super-global overwrite inside import_request_variables(). Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. Security Enhancements and Fixes in PHP 5.2.2 only: Fixed a header injection via Subject and To parameters to the mail() function Fixed wrong length calculation in unserialize S type. Fixed substr_compare and substr_count information leak. Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). Fixed a buffer overflow inside user_filter_factory_create(). Security Enhancements and Fixes in PHP 4.4.7 only: XSS in phpinfo() Discovery 2007-05-03 Entry 2007-05-07 Modified 2014-04-01 php5-imap php5-odbc php5-session php5-shmop php5-sqlite php5-wddx php5 < 5.2.2 php4-odbc php4-session php4-shmop php4-wddx php4 < 4.4.7 mod_php4-twig mod_php4 mod_php5 mod_php php4-cgi php4-cli php4-dtc php4-horde php4-nms php5-cgi php5-cli php5-dtc php5-horde php5-nms ge 4 lt 4.4.7 ge 5 lt 5.2.2 CVE-2007-1001 http://www.php.net/releases/4_4_7.php http://www.php.net/releases/5_2_2.php

VuXML ID

Description

f5e52bf5-fc77-11db-8163-000e0c2e438a

php -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

Fixed CVE-2007-1001, GD wbmp used with invalid image size

Fixed asciiz byte truncation inside mail()

Fixed a bug in mb_parse_str() that can be used to activate register_globals

Fixed unallocated memory access/double free in in array_user_key_compare()

Fixed a double free inside session_regenerate_id()

Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.

Limit nesting level of input variables with max_input_nesting_level as fix for.

Fixed CRLF injection inside ftp_putcmd().

Fixed a possible super-global overwrite inside import_request_variables().

Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library.

Security Enhancements and Fixes in PHP 5.2.2 only:

Fixed a header injection via Subject and To parameters to the mail() function

Fixed wrong length calculation in unserialize S type.

Fixed substr_compare and substr_count information leak.

Fixed a remotely trigger-able buffer overflow inside make_http_soap_request().

Fixed a buffer overflow inside user_filter_factory_create().

Security Enhancements and Fixes in PHP 4.4.7 only:

XSS in phpinfo()

Discovery 2007-05-03
Entry 2007-05-07
Modified 2014-04-01
php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5

< 5.2.2

php4-odbc
php4-session
php4-shmop
php4-wddx
php4

< 4.4.7

mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms

ge 4 lt 4.4.7

ge 5 lt 5.2.2

CVE-2007-1001
http://www.php.net/releases/4_4_7.php
http://www.php.net/releases/5_2_2.php