FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
787ef75e-44da-11e5-93ad-002590263bf5	php5 -- multiple vulnerabilities The PHP project reports: Core: Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref). OpenSSL: Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). Phar: Improved fix for bug #69441. Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). SOAP: Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions). SPL: Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). Discovery 2015-08-06 Entry 2015-08-17 Modified 2015-09-08 php5 php5-openssl php5-phar php5-soap < 5.4.44 php55 php55-openssl php55-phar php55-soap < 5.5.28 php56 php56-openssl php56-phar php56-soap < 5.6.12 http://php.net/ChangeLog-5.php#5.4.44 http://php.net/ChangeLog-5.php#5.5.28 http://php.net/ChangeLog-5.php#5.6.12 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833
8b1f53f3-2da5-11e5-86ff-14dae9d210b8	php-phar -- multiple vulnerabilities reports: Segfault in Phar::convertToData on invalid file. Buffer overflow and stack smashing error in phar_fix_filepath. Discovery 2015-06-24 Entry 2015-07-18 Modified 2015-12-18 php56-phar < 5.6.11 php55-phar < 5.5.27 php5-phar < 5.4.43 http://seclists.org/oss-sec/2015/q3/141 https://bugs.php.net/bug.php?id=69958 http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf https://bugs.php.net/bug.php?id=69923 http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f CVE-2015-5589 CVE-2015-5590
c1da8b75-6aef-11e5-9909-002590263bf5	php -- multiple vulnerabilities PHP reports: Phar: Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"). Discovery 2015-10-01 Entry 2015-10-04 Modified 2015-10-12 php5-phar le 5.4.45 php55-phar < 5.5.30 php56-phar < 5.6.14 ports/203541 CVE-2015-7803 CVE-2015-7804 http://php.net/ChangeLog-5.php#5.5.30 http://php.net/ChangeLog-5.php#5.6.14

VuXML ID

Description

787ef75e-44da-11e5-93ad-002590263bf5

php5 -- multiple vulnerabilities

The PHP project reports:

Core:

Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).

Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).

OpenSSL:

Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).

Phar:

Improved fix for bug #69441.

Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).

SOAP:

Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).

SPL:

Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).

Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).

Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).

Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).

Discovery 2015-08-06
Entry 2015-08-17
Modified 2015-09-08
php5
php5-openssl
php5-phar
php5-soap

< 5.4.44

php55
php55-openssl
php55-phar
php55-soap

< 5.5.28

php56
php56-openssl
php56-phar
php56-soap

< 5.6.12

http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833

8b1f53f3-2da5-11e5-86ff-14dae9d210b8

php-phar -- multiple vulnerabilities

reports:

Segfault in Phar::convertToData on invalid file.

Buffer overflow and stack smashing error in phar_fix_filepath.

Discovery 2015-06-24
Entry 2015-07-18
Modified 2015-12-18
php56-phar

< 5.6.11

php55-phar

< 5.5.27

php5-phar

< 5.4.43

http://seclists.org/oss-sec/2015/q3/141
https://bugs.php.net/bug.php?id=69958
http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
https://bugs.php.net/bug.php?id=69923
http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
CVE-2015-5589
CVE-2015-5590

c1da8b75-6aef-11e5-9909-002590263bf5

php -- multiple vulnerabilities

PHP reports:

Phar:

Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()).

Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/").

Discovery 2015-10-01
Entry 2015-10-04
Modified 2015-10-12
php5-phar

le 5.4.45

php55-phar

< 5.5.30

php56-phar

< 5.6.14

ports/203541
CVE-2015-7803
CVE-2015-7804
http://php.net/ChangeLog-5.php#5.5.30
http://php.net/ChangeLog-5.php#5.6.14