FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fe5c1e7a-7eed-11ef-9533-f875a43e1796	php -- Multiple vulnerabilities php.net reports: CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). CVE-2024-9026: FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). CVE-2024-8925: SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). Discovery 2024-09-26 Entry 2024-09-30 php81 < 8.1.30 php82 < 8.2.24 php83 < 8.3.12 CVE-2024-8926 CVE-2024-8927 CVE-2024-9026 CVE-2024-8925 https://www.php.net/ChangeLog-8.php
6d82c5e9-fc24-11ee-a689-04421a1baf97	php -- Multiple vulnerabilities This update includes 3 security fixes: High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows Medium CVE-2024-2756: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix High CVE-2024-2757: mb_encode_mimeheader runs endlessly for some inputs Discovery 2024-04-11 Entry 2024-04-16 php81 < 8.1.28 php82 < 8.2.18 php83 < 8.3.6 CVE-2024-1874 https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 CVE-2024-2756 https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 CVE-2024-3096 https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr CVE-2024-2757 https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq

VuXML ID

Description

fe5c1e7a-7eed-11ef-9533-f875a43e1796

php -- Multiple vulnerabilities

php.net reports:

CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 (Bypass of CVE-2024-4577, Parameter Injection Vulnerability).

CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision).

CVE-2024-9026: FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).

CVE-2024-8925: SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).

Discovery 2024-09-26
Entry 2024-09-30
php81

< 8.1.30

php82

< 8.2.24

php83

< 8.3.12

CVE-2024-8926
CVE-2024-8927
CVE-2024-9026
CVE-2024-8925
https://www.php.net/ChangeLog-8.php

6d82c5e9-fc24-11ee-a689-04421a1baf97

php -- Multiple vulnerabilities

This update includes 3 security fixes:

High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows

High CVE-2024-1874: Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows

Medium CVE-2024-2756: __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix

High CVE-2024-2757: mb_encode_mimeheader runs endlessly for some inputs

Discovery 2024-04-11
Entry 2024-04-16
php81

< 8.1.28

php82

< 8.2.18

php83

< 8.3.6

CVE-2024-1874
https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
CVE-2024-2756
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
CVE-2024-3096
https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
CVE-2024-2757
https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq