FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
333f655a-b93a-11e5-9efa-5453ed2e2b49p5-PathTools -- File::Spec::canonpath loses taint

Ricardo Signes reports:

Beginning in PathTools 3.47 and/or perl 5.20.0, the File::Spec::canonpath() routine returned untained strings even if passed tainted input. This defect undermines the guarantee of taint propagation, which is sometimes used to ensure that unvalidated user input does not reach sensitive code.

This defect was found and reported by David Golden of MongoDB.


Discovery 2016-01-11
Entry 2016-01-12
Modified 2016-08-22
p5-PathTools
gt 3.4000 lt 3.6200

perl5
perl5.20
perl5.22
perl5-devel
ge 5.19.9 lt 5.20.2

ge 5.21.0 lt 5.22.2

ge 5.23.0 lt 5.23.7

CVE-2015-8607
https://rt.perl.org/Public/Bug/Display.html?id=126862
3e08047f-5a6c-11e6-a6c3-14dae9d210b8p5-XSLoader -- local arbitrary code execution

Jakub Wilk reports:

XSLoader tries to load code from a subdirectory in the cwd when called inside a string eval


Discovery 2016-06-30
Entry 2016-08-04
Modified 2016-08-22
p5-XSLoader
< 0.22

perl5
perl5.18
perl5.20
perl5.22
perl5.24
perl5-devel
< 5.18.4_24

ge 5.20 lt 5.20.3_15

ge 5.21 lt 5.22.3.r2

ge 5.23 lt 5.24.1.r2

ge 5.25 lt 5.25.2.87

perl
ge 0

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829578
CVE-2016-6185
41c96ffd-29a6-4dcc-9a88-65f5038fa6ebperl -- multiple vulnerabilities

perldelta:

CVE-2018-6797: heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)

A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written. [perl #132227]

CVE-2018-6798: Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)

Matching a crafted locale dependent regular expression could cause a heap buffer read overflow and potentially information disclosure. [perl #132063]

CVE-2018-6913: heap-buffer-overflow in S_pack_rec

pack() could cause a heap buffer write overflow with a large item count. [perl #131844]


Discovery 2018-04-14
Entry 2018-04-15
perl5
ge 5.24.0 lt 5.24.4

ge 5.26.0 lt 5.26.2

https://metacpan.org/changes/release/SHAY/perl-5.26.2
https://metacpan.org/changes/release/SHAY/perl-5.24.4
CVE-2018-6797
CVE-2018-6798
CVE-2018-6913
72bfbb09-5a6a-11e6-a6c3-14dae9d210b8perl -- local arbitrary code execution

Sawyer X reports:

Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.


Discovery 2016-07-21
Entry 2016-08-04
Modified 2016-08-22
perl5
perl5.18
perl5.20
perl5.22
perl5.24
perl5-devel
< 5.18.4_23

ge 5.20 lt 5.20.3_14

ge 5.21 lt 5.22.3.r2

ge 5.23 lt 5.24.1.r2

ge 5.25 lt 5.25.3.18

perl
ge 0

http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
CVE-2016-1238
7fe7df75-6568-11e6-a590-14dae9d210b8End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.


Discovery 2016-08-18
Entry 2016-08-18
Modified 2016-10-18
python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15
ge 0

php54
php53
php52
php5
php4
ge 0

perl5
< 5.18

perl5.16
perl5.14
perl5.12
perl
ge 0

ruby
ruby_static
< 2.1,1

unifi2
unifi3
ge 0

apache21
apache20
apache13
ge 0

tomcat55
tomcat41
ge 0

mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server
ge 0

postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server
ge 0

ports/211975
d9e82328-a129-11e7-987e-4f174049b30aperl -- multiple vulnerabilities

SO-AND-SO reports:

CVE-2017-12814: $ENV{$key} stack buffer overflow on Windows

A possible stack buffer overflow in the %ENV code on Windows has been fixed by removing the buffer completely since it was superfluous anyway.

CVE-2017-12837: Heap buffer overflow in regular expression compiler

Compiling certain regular expression patterns with the case-insensitive modifier could cause a heap buffer overflow and crash perl. This has now been fixed.

CVE-2017-12883: Buffer over-read in regular expression parser

For certain types of syntax error in a regular expression pattern, the error message could either contain the contents of a random, possibly large, chunk of memory, or could crash perl. This has now been fixed.


Discovery 2017-09-19
Entry 2017-09-24
perl5
ge 5.24.0 lt 5.24.3

ge 5.26.0 lt 5.26.1

https://metacpan.org/changes/release/SHAY/perl-5.24.3
https://metacpan.org/changes/release/SHAY/perl-5.26.1
CVE-2017-12814
CVE-2017-12837
CVE-2017-12883
d9f99491-1656-11e6-94fa-002590263bf5perl5 -- taint mechanism bypass vulnerability

MITRE reports:

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.


Discovery 2016-04-08
Entry 2016-05-10
Modified 2016-08-22
perl5
< 5.18.4_21

ge 5.20.0 lt 5.20.3_12

ge 5.22.0 lt 5.22.1_8

perl5.18
ge 5.18.0 lt 5.18.4_21

perl5.20
ge 5.20.0 lt 5.20.3_12

perl5.22
ge 5.22.0 lt 5.22.1_8

perl
ge 0

CVE-2016-2381
ports/208879