FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID Description

VuXML ID	Description
f5e52bf5-fc77-11db-8163-000e0c2e438a	php -- multiple vulnerabilities The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7: Fixed CVE-2007-1001, GD wbmp used with invalid image size Fixed asciiz byte truncation inside mail() Fixed a bug in mb_parse_str() that can be used to activate register_globals Fixed unallocated memory access/double free in in array_user_key_compare() Fixed a double free inside session_regenerate_id() Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers. Limit nesting level of input variables with max_input_nesting_level as fix for. Fixed CRLF injection inside ftp_putcmd(). Fixed a possible super-global overwrite inside import_request_variables(). Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library. Security Enhancements and Fixes in PHP 5.2.2 only: Fixed a header injection via Subject and To parameters to the mail() function Fixed wrong length calculation in unserialize S type. Fixed substr_compare and substr_count information leak. Fixed a remotely trigger-able buffer overflow inside make_http_soap_request(). Fixed a buffer overflow inside user_filter_factory_create(). Security Enhancements and Fixes in PHP 4.4.7 only: XSS in phpinfo() Discovery 2007-05-03 Entry 2007-05-07 Modified 2014-04-01 php5-imap php5-odbc php5-session php5-shmop php5-sqlite php5-wddx php5 < 5.2.2 php4-odbc php4-session php4-shmop php4-wddx php4 < 4.4.7 mod_php4-twig mod_php4 mod_php5 mod_php php4-cgi php4-cli php4-dtc php4-horde php4-nms php5-cgi php5-cli php5-dtc php5-horde php5-nms >= 4 lt 4.4.7 >= 5 lt 5.2.2 CVE-2007-1001 http://www.php.net/releases/4_4_7.php http://www.php.net/releases/5_2_2.php
7fcf1727-be71-11db-b2ec-000c6ec775d9	php -- multiple vulnerabilities Multiple vulnerabilities have been found in PHP, including: buffer overflows, stack overflows, format string, and information disclosure vulnerabilities. The session extension contained `safe_mode` and `open_basedir` bypasses, but the FreeBSD Security Officer does not consider these real security vulnerabilities, since `safe_mode` and `open_basedir` are insecure by design and should not be relied upon. Discovery 2007-02-09 Entry 2007-02-17 Modified 2013-04-01 php5-imap php5-odbc php5-session php5-shmop php5-sqlite php5-wddx php5 < 5.2.1_2 php4-odbc php4-session php4-shmop php4-wddx php4 < 4.4.5 mod_php4-twig mod_php4 mod_php5 mod_php php4-cgi php4-cli php4-dtc php4-horde php4-nms php5-cgi php5-cli php5-dtc php5-horde php5-nms >= 4 lt 4.4.5 >= 5 lt 5.2.1_2 CVE-2007-0905 CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988 http://secunia.com/advisories/24089/ http://www.php.net/releases/4_4_5.php http://www.php.net/releases/5_2_1.php

f5e52bf5-fc77-11db-8163-000e0c2e438a

php -- multiple vulnerabilities

The PHP development team reports:

Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7:

Fixed CVE-2007-1001, GD wbmp used with invalid image size

Fixed asciiz byte truncation inside mail()

Fixed a bug in mb_parse_str() that can be used to activate register_globals

Fixed unallocated memory access/double free in in array_user_key_compare()

Fixed a double free inside session_regenerate_id()

Added missing open_basedir & safe_mode checks to zip:// and bzip:// wrappers.

Limit nesting level of input variables with max_input_nesting_level as fix for.

Fixed CRLF injection inside ftp_putcmd().

Fixed a possible super-global overwrite inside import_request_variables().

Fixed a remotely trigger-able buffer overflow inside bundled libxmlrpc library.

Security Enhancements and Fixes in PHP 5.2.2 only:

Fixed a header injection via Subject and To parameters to the mail() function

Fixed wrong length calculation in unserialize S type.

Fixed substr_compare and substr_count information leak.

Fixed a remotely trigger-able buffer overflow inside make_http_soap_request().

Fixed a buffer overflow inside user_filter_factory_create().

Security Enhancements and Fixes in PHP 4.4.7 only:

XSS in phpinfo()

Discovery 2007-05-03
Entry 2007-05-07
Modified 2014-04-01
php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5

< 5.2.2

php4-odbc
php4-session
php4-shmop
php4-wddx
php4

< 4.4.7

mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms

>= 4 lt 4.4.7

>= 5 lt 5.2.2

CVE-2007-1001
http://www.php.net/releases/4_4_7.php
http://www.php.net/releases/5_2_2.php

7fcf1727-be71-11db-b2ec-000c6ec775d9

php -- multiple vulnerabilities

Multiple vulnerabilities have been found in PHP, including: buffer overflows, stack overflows, format string, and information disclosure vulnerabilities.

The session extension contained safe_mode and open_basedir bypasses, but the FreeBSD Security Officer does not consider these real security vulnerabilities, since safe_mode and open_basedir are insecure by design and should not be relied upon.

Discovery 2007-02-09
Entry 2007-02-17
Modified 2013-04-01
php5-imap
php5-odbc
php5-session
php5-shmop
php5-sqlite
php5-wddx
php5

< 5.2.1_2

php4-odbc
php4-session
php4-shmop
php4-wddx
php4

< 4.4.5

mod_php4-twig
mod_php4
mod_php5
mod_php
php4-cgi
php4-cli
php4-dtc
php4-horde
php4-nms
php5-cgi
php5-cli
php5-dtc
php5-horde
php5-nms

>= 4 lt 4.4.5

>= 5 lt 5.2.1_2

CVE-2007-0905
CVE-2007-0906
CVE-2007-0907
CVE-2007-0908
CVE-2007-0909
CVE-2007-0910
CVE-2007-0988
http://secunia.com/advisories/24089/
http://www.php.net/releases/4_4_5.php
http://www.php.net/releases/5_2_1.php