svn commit: r501238 - head/security/vuxml
Bernard Spil
brnrd at FreeBSD.org
Sat May 11 09:14:22 UTC 2019
Author: brnrd
Date: Sat May 11 09:14:20 2019
New Revision: 501238
URL: https://svnweb.freebsd.org/changeset/ports/501238
Log:
security/vuxml: Document PHP-exif vulnerabilities
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat May 11 09:03:51 2019 (r501237)
+++ head/security/vuxml/vuln.xml Sat May 11 09:14:20 2019 (r501238)
@@ -58,6 +58,43 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="c2d1693b-73cb-11e9-a1c7-b499baebfeaf">
+ <topic>PHP -- Multiple vulnerabilities in EXIF module</topic>
+ <affects>
+ <package>
+ <name>php71-exif</name>
+ <range><lt>7.1.28</lt></range>
+ </package>
+ <package>
+ <name>php72-exif</name>
+ <range><lt>7.2.17</lt></range>
+ </package>
+ <package>
+ <name>php73-exif</name>
+ <range><lt>7.3.4</lt></range>
+ </package>
+
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PHP project reports:</p>
+ <blockquote cite="https://www.php.net/ChangeLog-7.php">
+ <p>Heap-buffer-overflow in php_ifd_get32s (CVE-2019-11034)</p>
+ <p>Heap-buffer-overflow in exif_iif_add_value (CVE-2019-11035)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.php.net/ChangeLog-7.php</url>
+ <cvename>CVE-2019-11034</cvename>
+ <cvename>CVE-2019-11035</cvename>
+ </references>
+ <dates>
+ <discovery>2019-04-04</discovery>
+ <entry>2019-05-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="065890c3-725e-11e9-b0e1-6cc21735f730">
<topic>PostgreSQL -- Selectivity estimators bypass row security policies</topic>
<affects>
More information about the svn-ports-all
mailing list