FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
66d77c58-3b1d-11e6-8e82-002590263bf5php -- multiple vulnerabilities

The PHP Group reports:

Please reference CVE/URL list for details


Discovery 2016-06-23
Entry 2016-06-25
php55
php55-gd
php55-mbstring
php55-wddx
php55-zip
< 5.5.37

php56
php56-gd
php56-mbstring
php56-phar
php56-wddx
php56-zip
< 5.6.23

php70
php70-gd
php70-mbstring
php70-phar
php70-wddx
php70-zip
< 7.0.8

CVE-2015-8874
CVE-2016-5766
CVE-2016-5767
CVE-2016-5768
CVE-2016-5769
CVE-2016-5770
CVE-2016-5771
CVE-2016-5772
CVE-2016-5773
ports/210491
ports/210502
http://php.net/ChangeLog-5.php#5.5.37
http://php.net/ChangeLog-5.php#5.6.23
http://php.net/ChangeLog-7.php#7.0.8
5764c634-10d2-11e6-94fa-002590263bf5php -- multiple vulnerabilities

The PHP Group reports:

  • BCMath:
    • Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition).
  • Exif:
    • Fixed bug #72094 (Out of bounds heap read access in exif header processing).
  • GD:
    • Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074)
  • Intl:
    • Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset).
  • XML:
    • Fixed bug #72099 (xml_parse_into_struct segmentation fault).

Discovery 2016-04-28
Entry 2016-05-03
php70
php70-bcmath
php70-exif
php70-gd
php70-xml
< 7.0.6

php56
php56-bcmath
php56-exif
php56-gd
php56-xml
< 5.6.21

php55
php55-bcmath
php55-exif
php55-gd
php55-xml
< 5.5.35

CVE-2016-3074
ports/209145
http://www.php.net/ChangeLog-7.php#7.0.6
http://www.php.net/ChangeLog-5.php#5.6.21
http://www.php.net/ChangeLog-5.php#5.5.35
2d56308b-c0a8-11e6-a9a5-b499baebfeafPHP -- Multiple vulnerabilities

The PHP project reports:

This is a security release. Several security bugs were fixed in this release.


Discovery 2016-12-12
Entry 2016-12-12
php56
< 5.6.29

php70
< 7.0.14

http://php.net/archive/2016.php#id2016-12-08-1
http://php.net/archive/2016.php#id2016-12-08-2
6b110175-246d-11e6-8dd3-002590263bf5php -- multiple vulnerabilities

The PHP Group reports:

  • Core:
    • Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)
    • Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094) (PHP 5.5/5.6 only)
  • GD:
    • Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
  • Intl:
    • Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
  • Phar:
    • Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)

Discovery 2016-05-26
Entry 2016-05-28
php70-gd
php70-intl
< 7.0.7

php56
php56-gd
< 5.6.22

php55
php55-gd
php55-phar
< 5.5.36

CVE-2016-5096
CVE-2016-5094
CVE-2013-7456
CVE-2016-5093
CVE-2016-4343
ports/209779
http://php.net/ChangeLog-7.php#7.0.7
http://php.net/ChangeLog-5.php#5.6.22
http://php.net/ChangeLog-5.php#5.5.36
b6402385-533b-11e6-a7bd-14dae9d210b8php -- multiple vulnerabilities

PHP reports:

  • Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns)

  • Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).

  • Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).

  • Fixed bug #72519 (imagegif/output out-of-bounds access).

  • Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).

  • Fixed bug #72533 (locale_accept_from_http out-of-bounds access).

  • Fixed bug #72541 (size_t overflow lead to heap corruption).

  • Fixed bug #72551, bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).

  • Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).

  • Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).

  • Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).

  • Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).

  • Fixed bug #72613 (Inadequate error handling in bzread()).

  • Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).


Discovery 2016-07-21
Entry 2016-07-26
php55
< 5.5.38

php56
< 5.6.24

php70
< 7.0.9

php70-curl
< 7.0.9

php55-bz2
< 5.5.38

php56-bz2
< 5.6.24

php70-bz2
< 7.0.9

php55-exif
< 5.5.38

php56-exif
< 5.6.24

php70-exif
< 7.0.9

php55-gd
< 5.5.38

php56-gd
< 5.6.24

php70-gd
< 7.0.9

php70-mcrypt
< 7.0.9

php55-odbc
< 5.5.38

php56-odbc
< 5.6.24

php70-odbc
< 7.0.9

php55-snmp
< 5.5.38

php56-snmp
< 5.6.24

php70-snmp
< 7.0.9

php55-xmlrpc
< 5.5.38

php56-xmlrpc
< 5.6.24

php70-xmlrpc
< 7.0.9

php55-zip
< 5.5.38

php56-zip
< 5.6.24

php70-zip
< 7.0.9

http://www.php.net/ChangeLog-5.php#5.5.38
http://www.php.net/ChangeLog-5.php#5.6.24
http://www.php.net/ChangeLog-7.php#7.0.8
http://seclists.org/oss-sec/2016/q3/121
CVE-2015-8879
CVE-2016-5385
CVE-2016-5399
CVE-2016-6288
CVE-2016-6289
CVE-2016-6290
CVE-2016-6291
CVE-2016-6292
CVE-2016-6294
CVE-2016-6295
CVE-2016-6296
CVE-2016-6297
de7a2b32-bd7d-11e7-b627-d43d7e971a1bPHP -- denial of service attack

The PHP project reports:

The PHP development team announces the immediate availability of PHP 5.6.32. This is a security release. Several security bugs were fixed in this release. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.0.25. This is a security release. Several security bugs were fixed in this release. All PHP 7.0 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 7.1.11. This is a bugfix release, with several bug fixes included. All PHP 7.1 users are encouraged to upgrade to this version.


Discovery 2017-10-26
Entry 2017-10-30
Modified 2017-11-14
php56
< 5.6.32

php70
< 7.0.25

php71
< 7.1.11

http://php.net/archive/2017.php#id2017-10-26-3
http://php.net/archive/2017.php#id2017-10-26-1
http://php.net/archive/2017.php#id2017-10-27-1
CVE-2016-1283
8d5180a6-86fe-11e6-8d93-00248c0c745dPHP -- multiple vulnerabilities

PHP reports:

  • Fixed bug #73007 (add locale length check)

  • Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields)

  • Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile)

  • Fixed bug #73029 (Missing type check when unserializing SplArray)

  • Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction)

  • Fixed bug #72860 (wddx_deserialize use-after-free)

  • Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element)


Discovery 2016-09-16
Entry 2016-09-30
php56
< 5.6.26

http://php.net/ChangeLog-5.php#5.6.26
CVE-2016-7416
CVE-2016-7412
CVE-2016-7414
CVE-2016-7417
CVE-2016-7411
CVE-2016-7413
CVE-2016-7418
482d40cb-f9a3-11e5-92ce-002590263bf5php -- multiple vulnerabilities

The PHP Group reports:

  • Fileinfo:
    • Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file).
  • mbstring:
    • Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut).
  • Phar:
    • Fixed bug #71860 (Invalid memory write in phar on filename with \0 in name).
  • SNMP:
    • Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
  • Standard:
    • Fixed bug #71798 (Integer Overflow in php_raw_url_encode).

Discovery 2016-03-31
Entry 2016-04-03
php70
php70-fileinfo
php70-mbstring
php70-phar
php70-snmp
< 7.0.5

php56
php56-fileinfo
php56-mbstring
php56-phar
php56-snmp
< 5.6.20

php55
php55-fileinfo
php55-mbstring
php55-phar
php55-snmp
< 5.5.34

ports/208465
http://php.net/ChangeLog-7.php#7.0.5
http://php.net/ChangeLog-5.php#5.6.20
http://php.net/ChangeLog-5.php#5.5.34
709e025a-de8b-11e6-a9a5-b499baebfeafPHP -- undisclosed vulnerabilities

The PHP project reports:

The PHP development team announces the immediate availability of PHP 7.0.15. This is a security release. Several security bugs were fixed in this release.

The PHP development team announces the immediate availability of PHP 5.6.30. This is a security release. Several security bugs were fixed in this release.


Discovery 2017-01-19
Entry 2017-01-19
Modified 2017-01-20
php56
< 5.6.30

php70
< 7.0.15

http://php.net/archive/2017.php#id2017-01-19-2
http://php.net/archive/2017.php#id2017-01-19-3