CVE-2015-0231, CVE-2015-2305 and CVE-2015-2331 http://php.net/archive/2015.php#id2015-03-20-1
Created attachment 154935 [details] PHP 5.5.22 -> 5.5.23 Patch Build time tested: php55 php55-extensions php55-curl php55-xml php55-mbstring php55-json php55-simplexml php55-dom Basic Runtime tested: php55 php55-curl php55-xml php55-mbstring php55-json php55-simplexml php55-dom Poudriere logs are forthcoming.
Created attachment 154936 [details] Poudriere Build Logs from 10.1-RELEASE amd64 Also build tested and available upon request: 10.1-RELEASE i386, 9.3-RELEASE amd64, 9.3-RELEASE i386, 8.4-RELEASE amd64, 8.4-RELEASE i386
It would be nice and very much appreciated if this could get in the tree before the 2015Q2 cut.
(In reply to rainer from comment #4) I wouldn't worry about the timeline for the 2015Q2 cut; since this is a security fix, this justifies merging to the quarterly branch. I have the patch for vuxml to show it during pkg audit in the lang/php5 at https://bugs.freebsd.org/198993. The PHP project documents the same 3 CVE's for all 3 PHP versions so it should just be the one entry.
This PR can be closed. lang/php55 was updated from 5.5.22 -> 5.5.23 in r382895: https://svnweb.freebsd.org/ports?view=revision&revision=382895 security/vuxml updated in r382948: https://svnweb.freebsd.org/ports?view=revision&revision=382948