svn commit: r415969 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Sat May 28 01:40:54 UTC 2016
Author: junovitch
Date: Sat May 28 01:40:53 2016
New Revision: 415969
URL: https://svnweb.freebsd.org/changeset/ports/415969
Log:
Document security issues fixed in PHP 7.0.7, 5.6.22, and 5.5.36
PR: 209779
Reported by: Fabiano Sidler <fabianosidler at swissonline.ch>
Security: CVE-2013-7456
Security: CVE-2016-4343
Security: CVE-2016-5093
Security: CVE-2016-5094
Security: CVE-2016-5096
Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri May 27 23:00:15 2016 (r415968)
+++ head/security/vuxml/vuln.xml Sat May 28 01:40:53 2016 (r415969)
@@ -58,6 +58,73 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="6b110175-246d-11e6-8dd3-002590263bf5">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php70-gd</name>
+ <name>php70-intl</name>
+ <range><lt>7.0.7</lt></range>
+ </package>
+ <package>
+ <name>php56</name>
+ <name>php56-gd</name>
+ <range><lt>5.6.22</lt></range>
+ </package>
+ <package>
+ <name>php55</name>
+ <name>php55-gd</name>
+ <name>php55-phar</name>
+ <range><lt>5.5.36</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PHP Group reports:</p>
+ <blockquote cite="http://php.net/ChangeLog-5.php#5.5.36">
+ <ul><li>Core:
+ <ul>
+ <li>Fixed bug #72114 (Integer underflow / arbitrary null write in
+ fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)</li>
+ <li>Fixed bug #72135 (Integer Overflow in php_html_entities).
+ (CVE-2016-5094) (PHP 5.5/5.6 only)</li>
+ </ul></li>
+ <li>GD:
+ <ul>
+ <li>Fixed bug #72227 (imagescale out-of-bounds read).
+ (CVE-2013-7456)</li>
+ </ul></li>
+ <li>Intl:
+ <ul>
+ <li>Fixed bug #72241 (get_icu_value_internal out-of-bounds read).
+ (CVE-2016-5093)</li>
+ </ul></li>
+ <li>Phar:
+ <ul>
+ <li>Fixed bug #71331 (Uninitialized pointer in
+ phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)</li>
+ </ul></li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-5096</cvename>
+ <cvename>CVE-2016-5094</cvename>
+ <cvename>CVE-2013-7456</cvename>
+ <cvename>CVE-2016-5093</cvename>
+ <cvename>CVE-2016-4343</cvename>
+ <freebsdpr>ports/209779</freebsdpr>
+ <url>http://php.net/ChangeLog-7.php#7.0.7</url>
+ <url>http://php.net/ChangeLog-5.php#5.6.22</url>
+ <url>http://php.net/ChangeLog-5.php#5.5.36</url>
+ </references>
+ <dates>
+ <discovery>2016-05-26</discovery>
+ <entry>2016-05-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="00ec1be1-22bb-11e6-9ead-6805ca0b3d42">
<topic>phpmyadmin -- XSS and sensitive data leakage</topic>
<affects>
More information about the svn-ports-head
mailing list