FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6a7c2ab0-00dd-11ea-83ce-705a0f828759php -- env_path_info underflow in fpm_main.c can lead to RCE

The PHP project reports:

The PHP development team announces the immediate availability of PHP 7.3.11. This is a security release which also contains several bug fixes.

The PHP development team announces the immediate availability of PHP 7.2.24. This is a security release which also contains several bug fixes.

The PHP development team announces the immediate availability of PHP 7.1.33. This is a security release which also contains several bug fixes.


Discovery 2019-10-24
Entry 2019-11-06
php71
< 7.1.33

php72
< 7.2.24

php73
< 7.3.11

php74
< 7.4.0.rc5

CVE-2019-11043
https://www.php.net/archive/2019.php#2019-10-24-1
https://www.php.net/archive/2019.php#2019-10-24-2
https://www.php.net/archive/2019.php#2019-10-24-3
ee261034-b95e-4479-b947-08b0877e029fphp72 -- use of freed hash key

grigoritchy at gmail dot com reports:

The phar_parse_zipfile function had use-after-free vulnerability because of mishandling of the actual_alias variable.


Discovery 2020-07-06
Entry 2020-08-27
php72
< 7.2.33

php73
< 7.3.21

php74
< 7.4.9

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7068
CVE-2020-7068