FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-09 22:37:04 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6d82c5e9-fc24-11ee-a689-04421a1baf97php -- Multiple vulnerabilities

This update includes 3 security fixes:

  • High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows
  • High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows
  • Medium CVE-2024-2756: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  • High CVE-2024-2757: mb_encode_mimeheader runs endlessly for some inputs

Discovery 2024-04-11
Entry 2024-04-16
php81
< 8.1.28

php82
< 8.2.18

php83
< 8.3.6

CVE-2024-1874
https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
CVE-2024-2756
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
CVE-2024-3096
https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
CVE-2024-2757
https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq