Please update php70 to 7.0.8, contains security fixes. * Changelog: http://php.net/ChangeLog-7.php#7.0.8 * Possibly also related to: http://openwall.com/lists/oss-security/2016/06/23/2 I'm currently unable to produce patches (vuxml + php70), I'll see if I have some time to do so later. So I'm opening this to track progress for the issue, and give heads up with regards to the security issues involved.
Btw, miwi@, my apologies, I'm not ignoring your maintainership, I usually want to come up with a solution first, that's why I mentioned I couldn't prepare the patches at the moment. :)
Created attachment 171721 [details] 7.0.8 patch
A commit references this bug: Author: junovitch Date: Sat Jun 25 22:18:24 UTC 2016 New revision: 417490 URL: https://svnweb.freebsd.org/changeset/ports/417490 Log: Docment security issues fixed in PHP 7.0.8, 5.6.23, and 5.5.37 PR: 210491 PR: 210502 Reported by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Reported by: Philip Jocks <freebsdbugs@filis.org> Security: CVE-2015-8874 Security: CVE-2016-5766 Security: CVE-2016-5767 Security: CVE-2016-5768 Security: CVE-2016-5769 Security: CVE-2016-5770 Security: CVE-2016-5771 Security: CVE-2016-5772 Security: CVE-2016-5773 Security: https://vuxml.FreeBSD.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: junovitch Date: Sat Jun 25 22:20:31 UTC 2016 New revision: 417495 URL: https://svnweb.freebsd.org/changeset/ports/417495 Log: lang/php70: update 7.0.7 -> 7.0.8 PR: 210491 Reported by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Submitted by: Philip Jocks <freebsdbugs@filis.org> Approved by: ports-secteam (with hat) Security: CVE-2015-8874 Security: CVE-2016-5766 Security: CVE-2016-5767 Security: CVE-2016-5768 Security: CVE-2016-5769 Security: CVE-2016-5770 Security: CVE-2016-5771 Security: CVE-2016-5772 Security: CVE-2016-5773 Security: https://vuxml.FreeBSD.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html MFH: 2016Q2 Changes: head/lang/php70/Makefile head/lang/php70/distinfo
A commit references this bug: Author: junovitch Date: Sat Jun 25 22:20:56 UTC 2016 New revision: 417496 URL: https://svnweb.freebsd.org/changeset/ports/417496 Log: MFH: r417495 lang/php70: update 7.0.7 -> 7.0.8 PR: 210491 Reported by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Submitted by: Philip Jocks <freebsdbugs@filis.org> Approved by: ports-secteam (with hat) Security: CVE-2015-8874 Security: CVE-2016-5766 Security: CVE-2016-5767 Security: CVE-2016-5768 Security: CVE-2016-5769 Security: CVE-2016-5770 Security: CVE-2016-5771 Security: CVE-2016-5772 Security: CVE-2016-5773 Security: https://vuxml.FreeBSD.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html Changes: _U branches/2016Q2/ branches/2016Q2/lang/php70/Makefile branches/2016Q2/lang/php70/distinfo
Vladimir, thank you for the report. Philip, thank you for the patch. The patch has been committed in head and quarterly and an associated VuXML has been documented.