FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
787ef75e-44da-11e5-93ad-002590263bf5	php5 -- multiple vulnerabilities The PHP project reports: Core: Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref). OpenSSL: Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). Phar: Improved fix for bug #69441. Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). SOAP: Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions). SPL: Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). Discovery 2015-08-06 Entry 2015-08-17 Modified 2015-09-08 php5 php5-openssl php5-phar php5-soap < 5.4.44 php55 php55-openssl php55-phar php55-soap < 5.5.28 php56 php56-openssl php56-phar php56-soap < 5.6.12 http://php.net/ChangeLog-5.php#5.4.44 http://php.net/ChangeLog-5.php#5.5.28 http://php.net/ChangeLog-5.php#5.6.12 CVE-2015-6831 CVE-2015-6832 CVE-2015-6833
3d675519-5654-11e5-9ad8-14dae9d210b8	php -- multiple vulnerabilities PHP reports: Core: Fixed bug #70172 (Use After Free Vulnerability in unserialize()). Fixed bug #70219 (Use after free vulnerability in session deserializer). EXIF: Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). hash: Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). PCRE: Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). SOAP: Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). SPL: Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). XSLT: Fixed bug #69782 (NULL pointer dereference). ZIP: Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). Discovery 2015-09-03 Entry 2015-09-08 Modified 2015-09-08 php5 php5-soap php5-xsl < 5.4.45 php55 php55-soap php55-xsl < 5.5.29 php56 php56-soap php56-xsl < 5.6.13 http://php.net/ChangeLog-5.php#5.4.45 http://php.net/ChangeLog-5.php#5.5.29 http://php.net/ChangeLog-5.php#5.6.13 CVE-2015-6834 CVE-2015-6835 CVE-2015-6836 CVE-2015-6837 CVE-2015-6838

VuXML ID

Description

787ef75e-44da-11e5-93ad-002590263bf5

php5 -- multiple vulnerabilities

The PHP project reports:

Core:

Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).

Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).

OpenSSL:

Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure).

Phar:

Improved fix for bug #69441.

Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).

SOAP:

Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).

SPL:

Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).

Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).

Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).

Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).

Discovery 2015-08-06
Entry 2015-08-17
Modified 2015-09-08
php5
php5-openssl
php5-phar
php5-soap

< 5.4.44

php55
php55-openssl
php55-phar
php55-soap

< 5.5.28

php56
php56-openssl
php56-phar
php56-soap

< 5.6.12

http://php.net/ChangeLog-5.php#5.4.44
http://php.net/ChangeLog-5.php#5.5.28
http://php.net/ChangeLog-5.php#5.6.12
CVE-2015-6831
CVE-2015-6832
CVE-2015-6833

3d675519-5654-11e5-9ad8-14dae9d210b8

php -- multiple vulnerabilities

PHP reports:

Core:

Fixed bug #70172 (Use After Free Vulnerability in unserialize()).

Fixed bug #70219 (Use after free vulnerability in session deserializer).

EXIF:

Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).

hash:

Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).

PCRE:

Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).

SOAP:

Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).

SPL:

Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).

Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).

XSLT:

Fixed bug #69782 (NULL pointer dereference).

ZIP:

Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

Discovery 2015-09-03
Entry 2015-09-08
Modified 2015-09-08
php5
php5-soap
php5-xsl

< 5.4.45

php55
php55-soap
php55-xsl

< 5.5.29

php56
php56-soap
php56-xsl

< 5.6.13

http://php.net/ChangeLog-5.php#5.4.45
http://php.net/ChangeLog-5.php#5.5.29
http://php.net/ChangeLog-5.php#5.6.13
CVE-2015-6834
CVE-2015-6835
CVE-2015-6836
CVE-2015-6837
CVE-2015-6838