From owner-svn-ports-head@freebsd.org Sat May 28 01:40:54 2016 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 81FF2B4C3A2; Sat, 28 May 2016 01:40:54 +0000 (UTC) (envelope-from junovitch@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 40E8A1EC7; Sat, 28 May 2016 01:40:54 +0000 (UTC) (envelope-from junovitch@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u4S1er3f054385; Sat, 28 May 2016 01:40:53 GMT (envelope-from junovitch@FreeBSD.org) Received: (from junovitch@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u4S1erHa054384; Sat, 28 May 2016 01:40:53 GMT (envelope-from junovitch@FreeBSD.org) Message-Id: <201605280140.u4S1erHa054384@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: junovitch set sender to junovitch@FreeBSD.org using -f From: Jason Unovitch Date: Sat, 28 May 2016 01:40:53 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r415969 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 28 May 2016 01:40:54 -0000 Author: junovitch Date: Sat May 28 01:40:53 2016 New Revision: 415969 URL: https://svnweb.freebsd.org/changeset/ports/415969 Log: Document security issues fixed in PHP 7.0.7, 5.6.22, and 5.5.36 PR: 209779 Reported by: Fabiano Sidler Security: CVE-2013-7456 Security: CVE-2016-4343 Security: CVE-2016-5093 Security: CVE-2016-5094 Security: CVE-2016-5096 Security: https://vuxml.FreeBSD.org/freebsd/6b110175-246d-11e6-8dd3-002590263bf5.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri May 27 23:00:15 2016 (r415968) +++ head/security/vuxml/vuln.xml Sat May 28 01:40:53 2016 (r415969) @@ -58,6 +58,73 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + php -- multiple vulnerabilities + + + php70-gd + php70-intl + 7.0.7 + + + php56 + php56-gd + 5.6.22 + + + php55 + php55-gd + php55-phar + 5.5.36 + + + + +

The PHP Group reports:

+
Core: +
+
Fixed bug #72114 (Integer underflow / arbitrary null write in + fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)
+
Fixed bug #72135 (Integer Overflow in php_html_entities). + (CVE-2016-5094) (PHP 5.5/5.6 only)
+
+
GD: +
+
Fixed bug #72227 (imagescale out-of-bounds read). + (CVE-2013-7456)
+
+
Intl: +
+
Fixed bug #72241 (get_icu_value_internal out-of-bounds read). + (CVE-2016-5093)
+
+
Phar: +
+
Fixed bug #71331 (Uninitialized pointer in + phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)
+
+
+

+ + + + CVE-2016-5096 + CVE-2016-5094 + CVE-2013-7456 + CVE-2016-5093 + CVE-2016-4343 + ports/209779 + http://php.net/ChangeLog-7.php#7.0.7 + http://php.net/ChangeLog-5.php#5.6.22 + http://php.net/ChangeLog-5.php#5.5.36 + + + 2016-05-26 + 2016-05-28 + + + phpmyadmin -- XSS and sensitive data leakage