diff options
| author | Xin LI <delphij@FreeBSD.org> | 2010-12-13 23:44:31 +0000 |
|---|---|---|
| committer | Xin LI <delphij@FreeBSD.org> | 2010-12-13 23:44:31 +0000 |
| commit | cc866cefeb69583d4b7c8b2da3f8eeb441b83ceb (patch) | |
| tree | bea264f296623206795b8b1ef8c09fdbc952971e /security/vuxml/vuln.xml | |
| parent | 0250a1de3764b2ef21ccb6d55ff7ce3abd491560 (diff) | |
| download | ports-cc866cefeb69583d4b7c8b2da3f8eeb441b83ceb.tar.gz ports-cc866cefeb69583d4b7c8b2da3f8eeb441b83ceb.zip | |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4e63b57ff265..74c5b6776c02 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,70 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="b2a6fc0e-070f-11e0-a6e9-00215c6a37bb"> + <topic>php -- multiple vulnerabilities</topic> + <affects> + <package> + <name>php5</name> + <range><lt>5.3.4</lt></range> + </package> + <package> + <name>php5</name> + <range><lt>5.2.15</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>PHP developers reports:</p> + <blockquote cite="http://www.php.net/releases/5_3_4.php"> + <p>Security Enhancements and Fixes in PHP 5.3.4:</p> + <ul> + <li>Fixed crash in zip extract method (possible + CWE-170).</li> + <li>Paths with NULL in them (foo\0bar.txt) are now + considered as invalid (CVE-2006-7243).</li> + <li>Fixed a possible double free in imap extension + (Identified by Mateusz Kocielski). (CVE-2010-4150).</li> + <li>Fixed NULL pointer dereference in + ZipArchive::getArchiveComment. (CVE-2010-3709).</li> + <li>Fixed possible flaw in open_basedir (CVE-2010-3436).</li> + <li>Fixed MOPS-2010-24, fix string validation. + (CVE-2010-2950).</li> + <li>Fixed symbolic resolution support when the target + is a DFS share.</li> + <li>Fixed bug #52929 (Segfault in filter_var with + FILTER_VALIDATE_EMAIL with large amount of data) (CVE-2010-3710).</li> + </ul> + </blockquote> + <blockquote cite="http://www.php.net/releases/5_2_15.php"> + <p>Security Enhancements and Fixes in PHP 5.2.15:</p> + <ul> + <li>Fixed extract() to do not overwrite $GLOBALS and $this + when using EXTR_OVERWRITE.</li> + <li>Fixed crash in zip extract method (possible CWE-170).</li> + <li>Fixed a possible double free in imap extension.</li> + <li>Fixed possible flaw in open_basedir (CVE-2010-3436).</li> + <li>Fixed NULL pointer dereference in ZipArchive::getArchiveComment. + (CVE-2010-3709).</li> + <li>Fixed bug #52929 (Segfault in filter_var with FILTER_VALIDATE_EMAIL + with large amount of data).</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2006-7243</cvename> + <cvename>CVE-2010-2950</cvename> + <cvename>CVE-2010-3436</cvename> + <cvename>CVE-2010-3709</cvename> + <cvename>CVE-2010-4150</cvename> + </references> + <dates> + <discovery>2010-12-10</discovery> + <entry>2010-12-13</entry> + </dates> + </vuln> + <vuln vid="1d8ff4a2-0445-11e0-8e32-000f20797ede"> <topic>mozilla -- multiple vulnerabilities</topic> <affects> |