FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
66d77c58-3b1d-11e6-8e82-002590263bf5php -- multiple vulnerabilities

The PHP Group reports:

Please reference CVE/URL list for details


Discovery 2016-06-23
Entry 2016-06-25
php55
php55-gd
php55-mbstring
php55-wddx
php55-zip
< 5.5.37

php56
php56-gd
php56-mbstring
php56-phar
php56-wddx
php56-zip
< 5.6.23

php70
php70-gd
php70-mbstring
php70-phar
php70-wddx
php70-zip
< 7.0.8

CVE-2015-8874
CVE-2016-5766
CVE-2016-5767
CVE-2016-5768
CVE-2016-5769
CVE-2016-5770
CVE-2016-5771
CVE-2016-5772
CVE-2016-5773
ports/210491
ports/210502
http://php.net/ChangeLog-5.php#5.5.37
http://php.net/ChangeLog-5.php#5.6.23
http://php.net/ChangeLog-7.php#7.0.8
6b771fe2-b84e-11e5-92f9-485d605f4717php -- multiple vulnerabilities

PHP reports:

  • Core:
    • Fixed bug #70755 (fpm_log.c memory leak and buffer overflow).
  • GD:
    • Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds).
  • SOAP:
    • Fixed bug #70900 (SoapClient systematic out of memory error).
  • Wddx
    • Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
    • Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability).
  • XMLRPC:
    • Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()).

Discovery 2016-01-07
Entry 2016-01-11
php55
php55-gd
php55-wddx
php55-xmlrpc
< 5.5.31

php56
php56-gd
php56-soap
php56-wddx
php56-xmlrpc
< 5.6.17

http://www.php.net/ChangeLog-5.php#5.5.31
http://www.php.net/ChangeLog-5.php#5.6.17
85eb4e46-cf16-11e5-840f-485d605f4717php -- multiple vulnerabilities

PHP reports:

  • Core:
    • Fixed bug #71039 (exec functions ignore length but look for NULL termination).
    • Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input).
    • Fixed bug #71459 (Integer overflow in iptcembed()).
  • PCRE:
    • Upgraded bundled PCRE library to 8.38.(CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
  • Phar:
    • Fixed bug #71354 (Heap corruption in tar/zip/phar parser).
    • Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
    • Fixed bug #71488 (Stack overflow when decompressing tar archives). (CVE-2016-2554)
  • WDDX:
    • Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).

Discovery 2016-02-04
Entry 2016-02-09
Modified 2016-03-13
php55
php55-phar
php55-wddx
< 5.5.32

php56
php56-phar
php56-wddx
< 5.6.18

CVE-2015-8383
CVE-2015-8386
CVE-2015-8387
CVE-2015-8389
CVE-2015-8390
CVE-2015-8391
CVE-2015-8393
CVE-2015-8394
CVE-2016-2554
http://php.net/ChangeLog-5.php#5.6.18
http://php.net/ChangeLog-5.php#5.5.32
e991ef79-e920-11e5-92ce-002590263bf5php5 -- multiple vulnerabilities

The PHP Group reports:

  • Phar:
    • Fixed bug #71498 (Out-of-Bound Read in phar_parse_zipfile()).
  • WDDX:
    • Fixed bug #71587 (Use-After-Free / Double-Free in WDDX Deserialize).

Discovery 2016-03-03
Entry 2016-03-13
php55-phar
php55-wddx
< 5.5.33

php56-phar
php56-wddx
< 5.6.19

http://php.net/ChangeLog-5.php#5.6.19
http://php.net/ChangeLog-5.php#5.5.33