FreeBSD Bugzilla – Attachment 159952 Details for
Bug 202386
security/vuxml: document and MFH lang/php5 {55,56} recent vulnerability fixes
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
security/vuxml for 5.4.44, 5.5.28, and 5.6.12 (http://php.net/ChangeLog-5.php)
php_vuxml.diff (text/plain), 2.69 KB, created by
Jason Unovitch
on 2015-08-17 13:04:44 UTC
(
hide
)
Description:
security/vuxml for 5.4.44, 5.5.28, and 5.6.12 (http://php.net/ChangeLog-5.php)
Filename:
MIME Type:
Creator:
Jason Unovitch
Created:
2015-08-17 13:04:44 UTC
Size:
2.69 KB
patch
obsolete
>Index: vuln.xml >=================================================================== >--- vuln.xml (revision 394452) >+++ vuln.xml (working copy) >@@ -58,6 +58,83 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="787ef75e-44da-11e5-93ad-002590263bf5"> >+ <topic>php5 -- multiple vulnerabilities</topic> >+ <affects> >+ <package> >+ <name>php5</name> >+ <name>php5-openssl</name> >+ <name>php5-phar</name> >+ <name>php5-soap</name> >+ <range><lt>5.4.44</lt></range> >+ </package> >+ <package> >+ <name>php55</name> >+ <name>php55-openssl</name> >+ <name>php55-phar</name> >+ <name>php55-soap</name> >+ <range><lt>5.5.28</lt></range> >+ </package> >+ <package> >+ <name>php56</name> >+ <name>php56-openssl</name> >+ <name>php56-phar</name> >+ <name>php56-soap</name> >+ <range><lt>5.6.12</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>The PHP project reports:</p> >+ <blockquote cite="http://php.net/ChangeLog-5.php"> >+ <p>Core:</p> >+ <ul> >+ <li>Fixed bug #69793 (Remotely triggerable stack exhaustion via >+ recursive method calls).</li> >+ <li>Fixed bug #70121 (unserialize() could lead to unexpected methods >+ execution / NULL pointer deref).</li> >+ </ul> >+ <p>OpenSSL:</p> >+ <ul> >+ <li>Fixed bug #70014 (openssl_random_pseudo_bytes() is not >+ cryptographically secure).</li> >+ </ul> >+ <p>Phar:</p> >+ <ul> >+ <li>Improved fix for bug #69441.</li> >+ <li>Fixed bug #70019 (Files extracted from archive may be placed >+ outside of destination directory).</li> >+ </ul> >+ <p>SOAP:</p> >+ <ul> >+ <li>Fixed bug #70081 (SoapClient info leak / null pointer >+ dereference via multiple type confusions).</li> >+ </ul> >+ <p>SPL:</p> >+ <ul> >+ <li>Fixed bug #70068 (Dangling pointer in the unserialization of >+ ArrayObject items).</li> >+ <li>Fixed bug #70166 (Use After Free Vulnerability in unserialize() >+ with SPLArrayObject).</li> >+ <li>Fixed bug #70168 (Use After Free Vulnerability in unserialize() >+ with SplObjectStorage).</li> >+ <li>Fixed bug #70169 (Use After Free Vulnerability in unserialize() >+ with SplDoublyLinkedList).</li> >+ </ul> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <url>http://php.net/ChangeLog-5.php#5.4.44</url> >+ <url>http://php.net/ChangeLog-5.php#5.5.28</url> >+ <url>http://php.net/ChangeLog-5.php#5.6.12</url> >+ </references> >+ <dates> >+ <discovery>2015-08-06</discovery> >+ <entry>2015-08-17</entry> >+ </dates> >+ </vuln> >+ > <vuln vid="6241b5df-42a1-11e5-93ad-002590263bf5"> > <topic>mediawiki -- multiple vulnerabilities</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=159952">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 202386
: 159952