FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f7a9e415-bdca-11e4-970c-000c292ee6b8php5 -- multiple vulnerabilities

The PHP Project reports:

Use after free vulnerability in unserialize() with DateTimeZone.

Mitigation for CVE-2015-0235 -- GHOST: glibc gethostbyname buffer overflow.


Discovery 2015-02-18
Entry 2015-02-26
php5
< 5.4.38

php55
< 5.5.22

php56
< 5.6.6

CVE-2015-0235
CVE-2015-0273
http://php.net/ChangeLog-5.php#5.4.38
http://php.net/ChangeLog-5.php#5.5.22
http://php.net/ChangeLog-5.php#5.6.6
31de2e13-00d2-11e5-a072-d050996490d0php -- multiple vulnerabilities

PHP development team reports:

Fixed bug #69364 (PHP Multipart/form-data remote DoS Vulnerability). (CVE-2015-4024)

Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (CVE-2015-4025)

Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (CVE-2015-4022)

Fixed bug #68598 (pcntl_exec() should not allow null char). (CVE-2015-4026)

Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (CVE-2015-4021)


Discovery 2015-05-14
Entry 2015-05-22
php5
< 5.4.41

php55
< 5.5.25

php56
< 5.6.9

CVE-2015-4021
CVE-2015-4022
CVE-2015-4024
CVE-2015-4025
CVE-2015-4026
https://php.net/ChangeLog-5.php#5.6.9
7fe7df75-6568-11e6-a590-14dae9d210b8End of Life Ports

These packages have reached End of Life status and/or have been removed from the Ports Tree. They may contain undocumented security issues. Please take caution and find alternative software as soon as possible.


Discovery 2016-08-18
Entry 2016-08-18
Modified 2016-10-18
python32
python31
python30
python26
python25
python24
python23
python22
python21
python20
python15
ge 0

php54
php53
php52
php5
php4
ge 0

perl5
< 5.18

perl5.16
perl5.14
perl5.12
perl
ge 0

ruby
ruby_static
< 2.1,1

unifi2
unifi3
ge 0

apache21
apache20
apache13
ge 0

tomcat55
tomcat41
ge 0

mysql51-client
mysql51-server
mysql50-client
mysql50-server
mysql41-client
mysql41-server
mysql40-client
mysql40-server
ge 0

postgresql90-client
postgresql90-server
postgresql84-client
postgresql84-server
postgresql83-client
postgresql83-server
postgresql82-client
postgresql82-server
postgresql81-client
postgresql81-server
postgresql80-client
postgresql80-server
postgresql74-client
postgresql74-server
postgresql73-client
postgresql73-server
postgresql72-client
postgresql72-server
postgresql71-client
postgresql71-server
postgresql7-client
postgresql7-server
ge 0

ports/211975
5a1d5d74-29a0-11e5-86ff-14dae9d210b8php -- arbitrary code execution

cmb reports:

When delayed variable substitution is enabled (can be set in the Registry, for instance), !ENV! works similar to %ENV%, and the value of the environment variable ENV will be subsituted.


Discovery 2015-06-07
Entry 2015-07-13
php56
< 5.6.11

php55
< 5.5.27

php5
< 5.4.43

https://bugs.php.net/bug.php?id=69768
1e232a0c-eb57-11e4-b595-4061861086c1Several vulnerabilities found in PHP

The PHP project reports:

The PHP development team announces the immediate availability of PHP 5.4.40. 14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 5.5.24. Several bugs have been fixed, some of them being security related, like CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 5.6.8. Several bugs have been fixed, some of them being security related, like CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users are encouraged to upgrade to this version.


Discovery 2015-04-16
Entry 2015-04-25
Modified 2015-05-22
php5
< 5.4.40

php55
< 5.5.24

php56
< 5.6.8

http://php.net/archive/2015.php#id2015-04-16-2
CVE-2014-9709
CVE-2015-2301
CVE-2015-2783
CVE-2015-1351
CVE-2015-1352
ports/199585
af7fbd91-29a1-11e5-86ff-14dae9d210b8php -- use-after-free vulnerability

Symeon Paraschoudis reports:

Use-after-free vulnerability in spl_recursive_it_move_forward_ex()


Discovery 2015-06-30
Entry 2015-07-13
php56
< 5.6.11

php55
< 5.5.27

php5
< 5.4.43

https://bugs.php.net/bug.php?id=69970
3d675519-5654-11e5-9ad8-14dae9d210b8php -- multiple vulnerabilities

PHP reports:

  • Core:
    • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
    • Fixed bug #70219 (Use after free vulnerability in session deserializer).
  • EXIF:
    • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
  • hash:
    • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
  • PCRE:
    • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
  • SOAP:
    • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
  • SPL:
    • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
    • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
  • XSLT:
    • Fixed bug #69782 (NULL pointer dereference).
  • ZIP:
    • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

Discovery 2015-09-03
Entry 2015-09-08
Modified 2015-09-08
php5
php5-soap
php5-xsl
< 5.4.45

php55
php55-soap
php55-xsl
< 5.5.29

php56
php56-soap
php56-xsl
< 5.6.13

http://php.net/ChangeLog-5.php#5.4.45
http://php.net/ChangeLog-5.php#5.5.29
http://php.net/ChangeLog-5.php#5.6.13
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838
742563d4-d776-11e4-b595-4061861086c1Several vulnerabilities found in PHP

The PHP project reports:

The PHP development team announces the immediate availability of PHP 5.6.7. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.6 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 5.5.23. Several bugs have been fixed as well as CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.5 users are encouraged to upgrade to this version.

The PHP development team announces the immediate availability of PHP 5.4.39. Six security-related bugs were fixed in this release, including CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331. All PHP 5.4 users are encouraged to upgrade to this version.


Discovery 2015-03-19
Entry 2015-04-01
php53
le 5.3.29_5

php5
< 5.4.39

php55
< 5.5.23

php56
< 5.6.7

http://php.net/archive/2015.php#id2015-03-20-2
CVE-2015-0231
CVE-2015-2305
CVE-2015-2311
ports/198739
787ef75e-44da-11e5-93ad-002590263bf5php5 -- multiple vulnerabilities

The PHP project reports:

Core:

  • Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
  • Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).

OpenSSL:

  • Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).

Phar:

  • Improved fix for bug #69441.
  • Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).

SOAP:

  • Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).

SPL:

  • Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).
  • Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).
  • Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).
  • Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).

Discovery 2015-08-06
Entry 2015-08-17
Modified 2015-09-08
php5
php5-openssl
php5-phar
php5-soap
< 5.4.44

php55
php55-openssl
php55-phar
php55-soap
< 5.5.28

php56
php56-openssl
php56-phar
php56-soap
< 5.6.12

http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833