Date: Tue, 25 Jun 2024 05:08:08 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 279979] lang/php83: Outdated and 1 Critical CVE & multiple CVEs
Message-ID: <bug-279979-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279979

Bug ID: 279979
Summary: lang/php83: Outdated and 1 Critical CVE & multiple CVEs
Product: Ports & Packages
Version: Latest
Hardware: amd64
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: bofh@freebsd.org
Reporter: ryan@bbnx.net
Flags: maintainer-feedback?(bofh@freebsd.org)
Assignee: bofh@freebsd.org

Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)
https://nvd.nist.gov/vuln/detail/CVE-2024-4577
https://www.tenable.com/blog/cve-2024-4577-proof-of-concept-available-for-php-cgi-argument-injection-vulnerability
https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-exploits-recent-php-rce-flaw-to-breach-servers/

Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)
https://nvd.nist.gov/vuln/detail/CVE-2024-5458

Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)
https://nvd.nist.gov/vuln/detail/CVE-2024-5585

Fix GHSA-wpj3-hf5j-x4v4: Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix in 093c08af25
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4

Latest PHP 8.3 version is 8.3.8.

-- 
You are receiving this mail because:
You are the assignee for the bug.