diff options
author | Jason Unovitch <junovitch@FreeBSD.org> | 2016-05-28 01:40:53 +0000 |
---|---|---|
committer | Jason Unovitch <junovitch@FreeBSD.org> | 2016-05-28 01:40:53 +0000 |
commit | 94f802756579349aa2415d5badf2e6dc889de8bb (patch) | |
tree | f6a09a48066cd0ceadbe8c503b5f7d876f1dd71d | |
parent | 4f72bffa28ae47ec1ab455cac38e6591617c7184 (diff) | |
download | ports-94f802756579349aa2415d5badf2e6dc889de8bb.tar.gz ports-94f802756579349aa2415d5badf2e6dc889de8bb.zip |
Document security issues fixed in PHP 7.0.7, 5.6.22, and 5.5.36
PR: 209779
Reported by: Fabiano Sidler <fabianosidler@swissonline.ch>
Security: CVE-2013-7456
Security: CVE-2016-4343
Security: CVE-2016-5093
Security: CVE-2016-5094
Security: CVE-2016-5096
Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html
Notes
Notes:
svn path=/head/; revision=415969
-rw-r--r-- | security/vuxml/vuln.xml | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index a6e0d50ca194..ed032298eeb9 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,73 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6b110175-246d-11e6-8dd3-002590263bf5"> + <topic>php -- multiple vulnerabilities</topic> + <affects> + <package> + <name>php70-gd</name> + <name>php70-intl</name> + <range><lt>7.0.7</lt></range> + </package> + <package> + <name>php56</name> + <name>php56-gd</name> + <range><lt>5.6.22</lt></range> + </package> + <package> + <name>php55</name> + <name>php55-gd</name> + <name>php55-phar</name> + <range><lt>5.5.36</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The PHP Group reports:</p> + <blockquote cite="http://php.net/ChangeLog-5.php#5.5.36"> + <ul><li>Core: + <ul> + <li>Fixed bug #72114 (Integer underflow / arbitrary null write in + fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)</li> + <li>Fixed bug #72135 (Integer Overflow in php_html_entities). + (CVE-2016-5094) (PHP 5.5/5.6 only)</li> + </ul></li> + <li>GD: + <ul> + <li>Fixed bug #72227 (imagescale out-of-bounds read). + (CVE-2013-7456)</li> + </ul></li> + <li>Intl: + <ul> + <li>Fixed bug #72241 (get_icu_value_internal out-of-bounds read). + (CVE-2016-5093)</li> + </ul></li> + <li>Phar: + <ul> + <li>Fixed bug #71331 (Uninitialized pointer in + phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)</li> + </ul></li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-5096</cvename> + <cvename>CVE-2016-5094</cvename> + <cvename>CVE-2013-7456</cvename> + <cvename>CVE-2016-5093</cvename> + <cvename>CVE-2016-4343</cvename> + <freebsdpr>ports/209779</freebsdpr> + <url>http://php.net/ChangeLog-7.php#7.0.7</url> + <url>http://php.net/ChangeLog-5.php#5.6.22</url> + <url>http://php.net/ChangeLog-5.php#5.5.36</url> + </references> + <dates> + <discovery>2016-05-26</discovery> + <entry>2016-05-28</entry> + </dates> + </vuln> + <vuln vid="00ec1be1-22bb-11e6-9ead-6805ca0b3d42"> <topic>phpmyadmin -- XSS and sensitive data leakage</topic> <affects> |