aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsimon <simon@FreeBSD.org>2007-02-17 19:51:27 +0800
committersimon <simon@FreeBSD.org>2007-02-17 19:51:27 +0800
commit0cbdebb667574a6cea3241d8365b96ebb02bbeb4 (patch)
treee434dbc9c71b7c751dd8f482bfb2c66e158e5ea4
parent8faa6ddbe92867ea4f6ab92795458e92baea1941 (diff)
downloadfreebsd-ports-gnome-0cbdebb667574a6cea3241d8365b96ebb02bbeb4.tar.gz
freebsd-ports-gnome-0cbdebb667574a6cea3241d8365b96ebb02bbeb4.tar.zst
freebsd-ports-gnome-0cbdebb667574a6cea3241d8365b96ebb02bbeb4.zip
Document php -- multiple vulnerabilities.
-rw-r--r--security/vuxml/vuln.xml70
1 files changed, 70 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 5fc1a8aaa3ed..72826dca83a0 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,76 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="7fcf1727-be71-11db-b2ec-000c6ec775d9">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php5-imap</name>
+ <name>php5-odbc</name>
+ <name>php5-session</name>
+ <name>php5-shmop</name>
+ <name>php5-sqlite</name>
+ <name>php5-wddx</name>
+ <name>php5</name>
+ <range><lt>5.2.1</lt></range>
+ </package>
+ <package>
+ <name>php4-odbc</name>
+ <name>php4-session</name>
+ <name>php4-shmop</name>
+ <name>php4-wddx</name>
+ <name>php4</name>
+ <range><lt>4.4.5</lt></range>
+ </package>
+ <package>
+ <name>mod_php4-twig</name>
+ <name>mod_php4</name>
+ <name>mod_php5</name>
+ <name>mod_php</name>
+ <name>php4-cgi</name>
+ <name>php4-cli</name>
+ <name>php4-dtc</name>
+ <name>php4-horde</name>
+ <name>php4-nms</name>
+ <name>php5-cgi</name>
+ <name>php5-cli</name>
+ <name>php5-dtc</name>
+ <name>php5-horde</name>
+ <name>php5-nms</name>
+ <range><ge>0</ge></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Multiple vulnerabilities has been found in PHP, including:
+ buffer overflows, stack overflows, format string, and
+ information disclosure vulnerabilities.</p>
+ <p>The session extension contained <code>safe_mode</code> and
+ <code>open_basedir</code> bypasses, but the FreeBSD Security
+ Officer does not consider these real security
+ vulnerabilities, since <code>safe_mode</code> and
+ <code>open_basedir</code> are insecure by design and should
+ not be relied upon.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-0905</cvename>
+ <cvename>CVE-2007-0906</cvename>
+ <cvename>CVE-2007-0907</cvename>
+ <cvename>CVE-2007-0908</cvename>
+ <cvename>CVE-2007-0909</cvename>
+ <cvename>CVE-2007-0910</cvename>
+ <cvename>CVE-2007-0988</cvename>
+ <url>http://secunia.com/advisories/24089/</url>
+ <url>http://www.php.net/releases/4_4_5.php</url>
+ <url>http://www.php.net/releases/5_2_1.php</url>
+ </references>
+ <dates>
+ <discovery>2007-02-09</discovery>
+ <entry>2007-02-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="7bb127c1-a5aa-11db-9ddc-0011098b2f36">
<topic>joomla -- multiple remote vulnerabilities</topic>
<affects>