svn commit: r320210 - in head: lang/php53 security/vuxml

Florian Smeets flo at FreeBSD.org
Fri Jun 7 15:19:28 UTC 2013


Author: flo
Date: Fri Jun  7 15:19:27 2013
New Revision: 320210
URL: http://svnweb.freebsd.org/changeset/ports/320210

Log:
  Update to 5.3.26
  
  Security:	59e7163c-cf84-11e2-907b-0025905a4770

Modified:
  head/lang/php53/Makefile
  head/lang/php53/distinfo
  head/security/vuxml/vuln.xml

Modified: head/lang/php53/Makefile
==============================================================================
--- head/lang/php53/Makefile	Fri Jun  7 15:08:58 2013	(r320209)
+++ head/lang/php53/Makefile	Fri Jun  7 15:19:27 2013	(r320210)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	php53
-PORTVERSION=	5.3.25
+PORTVERSION=	5.3.26
 PORTREVISION?=	0
 CATEGORIES?=	lang devel www
 MASTER_SITES=	${MASTER_SITE_PHP}

Modified: head/lang/php53/distinfo
==============================================================================
--- head/lang/php53/distinfo	Fri Jun  7 15:08:58 2013	(r320209)
+++ head/lang/php53/distinfo	Fri Jun  7 15:19:27 2013	(r320210)
@@ -1,5 +1,5 @@
-SHA256 (php-5.3.25.tar.bz2) = d51cadb2d783177627f272cb575ef3a973c8b6eb1e958d07dba00e81809ebc95
-SIZE (php-5.3.25.tar.bz2) = 11429225
+SHA256 (php-5.3.26.tar.bz2) = a36c9ed855e58da163868790695e722b782b1afc6f131be84182e8d73dcbf2a3
+SIZE (php-5.3.26.tar.bz2) = 11430170
 SHA256 (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 694f81a68120df89589d20262389b25431f8f2485b81da7519ffbf39edef14fd
 SIZE (suhosin-patch-5.3.x-0.9.10.4.patch.gz) = 40805
 SHA256 (php-5.3.x-mail-header.patch) = 5a677448b32d9f592703e2323a33facdb45e5c237dcca04aaea8ec3287f7db84

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Fri Jun  7 15:08:58 2013	(r320209)
+++ head/security/vuxml/vuln.xml	Fri Jun  7 15:19:27 2013	(r320210)
@@ -51,6 +51,39 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="59e7163c-cf84-11e2-907b-0025905a4770">
+    <topic>php5 -- Heap based buffer overflow in quoted_printable_encode</topic>
+    <affects>
+      <package>
+	<name>php5</name>
+	<range><lt>5.4.16</lt></range>
+      </package>
+      <package>
+	<name>php53</name>
+	<range><lt>5.3.26</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PHP development team reports:</p>
+	<blockquote cite="http://www.php.net/ChangeLog-5.php">
+	  <p>A Heap-based buffer overflow flaw was found in the php
+	    quoted_printable_encode() function. A remote attacker could use
+	    this flaw to cause php to crash or execute arbirary code with the
+	    permission of the user running php</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-2110</cvename>
+      <url>https://bugzilla.redhat.com/show_bug.cgi?id=964969</url>
+    </references>
+    <dates>
+      <discovery>2013-06-06</discovery>
+      <entry>2013-06-07</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="72f35727-ce83-11e2-be04-005056a37f68">
     <topic>dns/bind9* -- A recursive resolver can be crashed by a query for a malformed zone</topic>
     <affects>
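Review bot: The quoted description in the new `59e7163c-cf84-11e2-907b-0025905a4770` entry misspells "arbitrary" as `arbirary`; the line should read `this flaw to cause php to crash or execute arbitrary code with the`. The paragraph is introduced as a report from the PHP development team and cites `http://www.php.net/ChangeLog-5.php`, but its wording reads like a distributor advisory and may come from the Red Hat Bugzilla entry listed under `<references>`. If that is the case, the lead-in sentence and the `cite` attribute should name that source so readers can verify the quote. The entry also adds `<lt>5.4.16</lt>` for `php5`, while this commit only touches lang/php53. It is worth confirming that lang/php5 is updated to 5.4.16 separately, because until then every installed php5 package matches the range and has no fixed version to upgrade to.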

