svn commit: r412474 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Sun Apr 3 14:19:02 UTC 2016
Author: junovitch
Date: Sun Apr 3 14:19:01 2016
New Revision: 412474
URL: https://svnweb.freebsd.org/changeset/ports/412474
Log:
Document multiple vulnerabilities from the 31 Mar 16 PHP releases
PR: 208465
Reported by Christian Schwarz <me at cschwarz.com>
Security: https://vuxml.FreeBSD.org/freebsd/482d40cb-f9a3-11e5-92ce-002590263bf5.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Apr 3 13:44:12 2016 (r412473)
+++ head/security/vuxml/vuln.xml Sun Apr 3 14:19:01 2016 (r412474)
@@ -58,6 +58,78 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="482d40cb-f9a3-11e5-92ce-002590263bf5">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php70</name>
+ <name>php70-fileinfo</name>
+ <name>php70-mbstring</name>
+ <name>php70-phar</name>
+ <name>php70-snmp</name>
+ <range><lt>7.0.5</lt></range>
+ </package>
+ <package>
+ <name>php56</name>
+ <name>php56-fileinfo</name>
+ <name>php56-mbstring</name>
+ <name>php56-phar</name>
+ <name>php56-snmp</name>
+ <range><lt>5.6.20</lt></range>
+ </package>
+ <package>
+ <name>php55</name>
+ <name>php55-fileinfo</name>
+ <name>php55-mbstring</name>
+ <name>php55-phar</name>
+ <name>php55-snmp</name>
+ <range><lt>5.5.34</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PHP Group reports:</p>
+ <blockquote cite="http://php.net/ChangeLog-7.php#7.0.5">
+ <ul><li>Fileinfo:
+ <ul>
+ <li>Fixed bug #71527 (Buffer over-write in finfo_open with
+ malformed magic file).</li>
+ </ul></li>
+ <li>mbstring:
+ <ul>
+ <li>Fixed bug #71906 (AddressSanitizer: negative-size-param (-1)
+ in mbfl_strcut).</li>
+ </ul></li>
+ <li>Phar:
+ <ul>
+ <li>Fixed bug #71860 (Invalid memory write in phar on filename with
+ \0 in name).</li>
+ </ul></li>
+ <li>SNMP:
+ <ul>
+ <li>Fixed bug #71704 (php_snmp_error() Format String Vulnerability).
+ </li>
+ </ul></li>
+ <li>Standard:
+ <ul>
+ <li>Fixed bug #71798 (Integer Overflow in php_raw_url_encode).</li>
+ </ul></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/208465</freebsdpr>
+ <url>http://php.net/ChangeLog-7.php#7.0.5</url>
+ <url>http://php.net/ChangeLog-5.php#5.6.20</url>
+ <url>http://php.net/ChangeLog-5.php#5.5.34</url>
+ </references>
+ <dates>
+ <discovery>2016-03-31</discovery>
+ <entry>2016-04-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="497b82e0-f9a0-11e5-92ce-002590263bf5">
<topic>pcre -- heap overflow vulnerability</topic>
<affects>
More information about the svn-ports-all
mailing list