author Jason Unovitch <junovitch@FreeBSD.org> 2016-03-13 14:39:50 +0000
committer Jason Unovitch <junovitch@FreeBSD.org> 2016-03-13 14:39:50 +0000
commit 9c7743c915cabf5b0c870e5cf6af44207c2be9d7
tree c302cf0dd68a968d0093104292c805a96c29b412 /security
parent 2fb43cc49994023ae912da107ea5a91f2fb997c2
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml 37
1 files changed, 32 insertions, 5 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 9f9e24e672ac..892f86e760fc 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -2497,14 +2497,18 @@ Notes:
</vuln>
<vuln vid="85eb4e46-cf16-11e5-840f-485d605f4717">
- <topic>php -- pcre vulnerability</topic>
+ <topic>php -- multiple vulnerabilities</topic>
<affects>
<package>
<name>php55</name>
+ <name>php55-phar</name>
+ <name>php55-wddx</name>
<range><lt>5.5.32</lt></range>
</package>
<package>
<name>php56</name>
+ <name>php56-phar</name>
+ <name>php56-wddx</name>
<range><lt>5.6.18</lt></range>
</package>
</affects>
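Review bot: The added names php55-phar, php55-wddx, php56-phar and php56-wddx inherit the existing `<lt>5.5.32</lt>` and `<lt>5.6.18</lt>` ranges, so the entry is only accurate if those extension packages are versioned in lockstep with the base php55/php56 packages. Please confirm that before merging. If an extension package can lag behind the base version, give it its own `<package>` block with its own range. Since the vid is unchanged while the affected set grows, it is also worth saying in the commit message that hosts with only the phar or wddx extension installed will now be flagged by this entry.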
@@ -2512,11 +2516,32 @@ Notes:
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PHP reports:</p>
<blockquote cite="http://php.net/ChangeLog-5.php#5.6.18">
- <ul><li>PCRE:
+ <ul><li>Core:
<ul>
- <li>Upgraded bundled PCRE library to 8.38.(CVE-2015-8383,
- CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
- CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)</li>
+ <li>Fixed bug #71039 (exec functions ignore length but look for NULL
+ termination).</li>
+ <li>Fixed bug #71323 (Output of stream_get_meta_data can be
+ falsified by its input).</li>
+ <li>Fixed bug #71459 (Integer overflow in iptcembed()).</li>
+ </ul></li>
+ <li>PCRE:
+ <ul>
+ <li>Upgraded bundled PCRE library to 8.38.(CVE-2015-8383,
+ CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390,
+ CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)</li>
+ </ul></li>
+ <li>Phar:
+ <ul>
+ <li>Fixed bug #71354 (Heap corruption in tar/zip/phar parser).</li>
+ <li>Fixed bug #71391 (NULL Pointer Dereference in
+ phar_tar_setupmetadata()).</li>
+ <li>Fixed bug #71488 (Stack overflow when decompressing tar
+ archives). (CVE-2016-2554)</li>
+ </ul></li>
+ <li>WDDX:
+ <ul>
+ <li>Fixed bug #71335 (Type Confusion in WDDX Packet
+ Deserialization).</li>
</ul></li>
</ul>
</blockquote>
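Review bot: The blockquote is attributed only to `http://php.net/ChangeLog-5.php#5.6.18`, but the entry also flags php55 packages below 5.5.32. Please check that every item now quoted (Core #71039, #71323, #71459; Phar #71354, #71391, #71488; WDDX #71335) also appears in the 5.5.32 changelog, or note which ones are specific to the 5.6 branch. Minor style point on the re-added PCRE item: "8.38.(CVE-2015-8383," lacks a space after the period. If that matches the upstream text it can stay as a verbatim quote.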
@@ -2531,12 +2556,14 @@ Notes:
<cvename>CVE-2015-8391</cvename>
<cvename>CVE-2015-8393</cvename>
<cvename>CVE-2015-8394</cvename>
+ <cvename>CVE-2016-2554</cvename>
<url>http://php.net/ChangeLog-5.php#5.6.18</url>
<url>http://php.net/ChangeLog-5.php#5.5.32</url>
</references>
<dates>
<discovery>2016-02-04</discovery>
<entry>2016-02-09</entry>
+ <modified>2016-03-13</modified>
</dates>
</vuln>
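Review bot: In `<references>`, only CVE-2016-2554 is added, while the body now lists six further bugs that carry no CVE (#71039, #71323, #71459, #71354, #71391, #71335) and have no reference of their own. Consider adding `<url>` entries for those upstream bug reports so readers can trace each fix without going through the changelog. The new `<modified>2016-03-13</modified>` matches the commit date and correctly leaves `<discovery>` and `<entry>` unchanged.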