Bug 200779 - lang/php56: Use after free vulnerability
Summary: lang/php56: Use after free vulnerability
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Jason Unovitch
Reported: 2015-06-11 02:33 UTC by Sevan Janiyan
Modified: 2015-12-22 08:31 UTC
bugzilla: maintainer-feedback? (ale)
Description Sevan Janiyan 2015-06-11 02:33:38 UTC
https://bugs.php.net/bug.php?id=69737
Comment 1 Jason Unovitch freebsd_committer freebsd_triage 2015-07-13 10:23:48 UTC
This is fixed and ready to be closed based off the PHP changelog.

http://php.net/ChangeLog-5.php#5.6.11
PHP 5 ChangeLog
Version 5.6.11
10 Jul 2015
SPL:
Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).

Note that upstream removed the "security" tag from the upstream bug tracker.
Comment 2 Jason Unovitch freebsd_committer freebsd_triage 2015-07-13 10:28:00 UTC
(In reply to Jason Unovitch from comment #1)
A followup now that I looked... we shouldn't "close" until the security fixes from 5.6.11 are all documented.  I'll address documenting the recent PHP security tonight and we'll call this 100% after the VuXML update has been put into ports.
Comment 3 Kubilay Kocak freebsd_committer freebsd_triage 2015-12-16 02:27:36 UTC
@Jason, is this now resolved? If so, please add a comment with references. If not, mention what still needs to be done.
Comment 4 commit-hook freebsd_committer freebsd_triage 2015-12-18 01:35:00 UTC
A commit references this bug:

Author: junovitch
Date: Fri Dec 18 01:34:02 UTC 2015
New revision: 403947
URL: https://svnweb.freebsd.org/changeset/ports/403947

Log:
  Add PHP 5.6 package name to an earlier PHP VuXML entry

  PR:		200779
  Security:	CVE-2015-5590
  Security:	CVE-2015-5589
  Security:	https://vuxml.FreeBSD.org/freebsd/8b1f53f3-2da5-11e5-86ff-14dae9d210b8.html

Changes:
  head/security/vuxml/vuln.xml
Comment 5 Jason Unovitch freebsd_committer freebsd_triage 2015-12-18 01:36:47 UTC
Somehow we missed adding the PHP 5.6 package names for the PHAR extension to an earlier entry.  That has now been fixed.

The other PHP bugs and cross reference to VuXML are listed below:

PHP Bug 69972 - https://vuxml.FreeBSD.org/freebsd/3d39e927-29a2-11e5-86ff-14dae9d210b8.html

PHP Bug 69970 - https://vuxml.FreeBSD.org/freebsd/af7fbd91-29a1-11e5-86ff-14dae9d210b8.html

PHP Bug 69768 - https://vuxml.FreeBSD.org/freebsd/5a1d5d74-29a0-11e5-86ff-14dae9d210b8.html

PHP Bug 69669 - https://vuxml.FreeBSD.org/freebsd/36bd352d-299b-11e5-86ff-14dae9d210b8.html