svn commit: r415969 - head/security/vuxml

Sat May 28 01:40:54 UTC 2016

Author: junovitch
Date: Sat May 28 01:40:53 2016
New Revision: 415969
URL: https://svnweb.freebsd.org/changeset/ports/415969

Log:
  Document security issues fixed in PHP 7.0.7, 5.6.22, and 5.5.36
  
  PR:		209779
  Reported by:	Fabiano Sidler <fabianosidler at swissonline.ch>
  Security:	CVE-2013-7456
  Security:	CVE-2016-4343
  Security:	CVE-2016-5093
  Security:	CVE-2016-5094
  Security:	CVE-2016-5096
  Security:	https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================

--- head/security/vuxml/vuln.xml	Fri May 27 23:00:15 2016	(r415968)
+++ head/security/vuxml/vuln.xml	Sat May 28 01:40:53 2016	(r415969)
@@ -58,6 +58,73 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="6b110175-246d-11e6-8dd3-002590263bf5">
+    <topic>php -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>php70-gd</name>
+	<name>php70-intl</name>
+	<range><lt>7.0.7</lt></range>
+      </package>
+      <package>
+	<name>php56</name>
+	<name>php56-gd</name>
+	<range><lt>5.6.22</lt></range>
+      </package>
+      <package>
+	<name>php55</name>
+	<name>php55-gd</name>
+	<name>php55-phar</name>
+	<range><lt>5.5.36</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The PHP Group reports:</p>
+	<blockquote cite="http://php.net/ChangeLog-5.php#5.5.36">
+	  <ul><li>Core:
+	  <ul>
+	    <li>Fixed bug #72114 (Integer underflow / arbitrary null write in
+	      fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)</li>
+	    <li>Fixed bug #72135 (Integer Overflow in php_html_entities).
+	      (CVE-2016-5094) (PHP 5.5/5.6 only)</li>
+	  </ul></li>
+	  <li>GD:
+	  <ul>
+	    <li>Fixed bug #72227 (imagescale out-of-bounds read).
+	      (CVE-2013-7456)</li>
+	  </ul></li>
+	  <li>Intl:
+	  <ul>
+	    <li>Fixed bug #72241 (get_icu_value_internal out-of-bounds read).
+	      (CVE-2016-5093)</li>
+	  </ul></li>
+	  <li>Phar:
+	  <ul>
+	    <li>Fixed bug #71331 (Uninitialized pointer in
+	      phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)</li>
+	  </ul></li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2016-5096</cvename>
+      <cvename>CVE-2016-5094</cvename>
+      <cvename>CVE-2013-7456</cvename>
+      <cvename>CVE-2016-5093</cvename>
+      <cvename>CVE-2016-4343</cvename>
+      <freebsdpr>ports/209779</freebsdpr>
+      <url>http://php.net/ChangeLog-7.php#7.0.7</url>
+      <url>http://php.net/ChangeLog-5.php#5.6.22</url>
+      <url>http://php.net/ChangeLog-5.php#5.5.36</url>
+    </references>
+    <dates>
+      <discovery>2016-05-26</discovery>
+      <entry>2016-05-28</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="00ec1be1-22bb-11e6-9ead-6805ca0b3d42">
     <topic>phpmyadmin -- XSS and sensitive data leakage</topic>
     <affects>
