FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7fcf1727-be71-11db-b2ec-000c6ec775d9php -- multiple vulnerabilities

Multiple vulnerabilities have been found in PHP, including: buffer overflows, stack overflows, format string, and information disclosure vulnerabilities.

The session extension contained safe_mode and open_basedir bypasses, but the FreeBSD Security Officer does not consider these real security vulnerabilities, since safe_mode and open_basedir are insecure by design and should not be relied upon.


Discovery 2007-02-09
Entry 2007-02-17
Modified 2013-04-01
php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5
< 5.2.1_2

php4-odbc
php4-session
php4-shmop
php4-wddx
php4
< 4.4.5

mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms
>= 4 lt 4.4.5

>= 5 lt 5.2.1_2

CVE-2007-0905
CVE-2007-0906
CVE-2007-0907
CVE-2007-0908
CVE-2007-0909
CVE-2007-0910
CVE-2007-0988
http://secunia.com/advisories/24089/
http://www.php.net/releases/4_4_5.php
http://www.php.net/releases/5_2_1.php
f5e52bf5-fc77-11db-8163-000e0c2e438aphp -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

  • Fixed CVE-2007-1001, GD wbmp used with invalid image size
  • Fixed asciiz byte truncation inside mail()
  • Fixed a bug in mb_parse_str() that can be used to activate register_globals
  • Fixed unallocated memory access/double free in in array_user_key_compare()
  • Fixed a double free inside session_regenerate_id()
  • Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.
  • Limit nesting level of input variables with max_input_nesting_level as fix for.
  • Fixed CRLF injection inside ftp_putcmd().
  • Fixed a possible super-global overwrite inside import_request_variables().
  • Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library.

Security Enhancements and Fixes in PHP 5.2.2 only:

  • Fixed a header injection via Subject and To parameters to the mail() function
  • Fixed wrong length calculation in unserialize S type.
  • Fixed substr_compare and substr_count information leak.
  • Fixed a remotely trigger-able buffer overflow inside make_http_soap_request().
  • Fixed a buffer overflow inside user_filter_factory_create().

Security Enhancements and Fixes in PHP 4.4.7 only:

  • XSS in phpinfo()

Discovery 2007-05-03
Entry 2007-05-07
Modified 2014-04-01
php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5
< 5.2.2

php4-odbc
php4-session
php4-shmop
php4-wddx
php4
< 4.4.7

mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms
>= 4 lt 4.4.7

>= 5 lt 5.2.2

CVE-2007-1001
http://www.php.net/releases/4_4_7.php
http://www.php.net/releases/5_2_2.php