diff options
| author | scheidell <scheidell@FreeBSD.org> | 2012-05-05 19:02:12 +0800 |
|---|---|---|
| committer | scheidell <scheidell@FreeBSD.org> | 2012-05-05 19:02:12 +0800 |
| commit | baa4f1bbba0d741f3beba01443570e9c228a8233 (patch) | |
| tree | 08439fca26279b99188a6dc34cf22881e1eb4a5a /security | |
| parent | bcd0b55df6a8b2b6e36ad9d26e69dff0a20bc35e (diff) | |
| download | freebsd-ports-gnome-baa4f1bbba0d741f3beba01443570e9c228a8233.tar.gz freebsd-ports-gnome-baa4f1bbba0d741f3beba01443570e9c228a8233.tar.zst freebsd-ports-gnome-baa4f1bbba0d741f3beba01443570e9c228a8233.zip | |
- All versions of PHP between 2004 release and May 3rd, 2012 are vulnerable to cmdarg attacks
- Note: PHP 5.2.12 and 5.4.2 were created to address this issue, but did not.
- See WWW: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
- An additional, unreleased version is needed.
Submitted by: scheidell@ (me)
Obtained from: WWW:www.php.net/archive/2012.php#id2012-05-03-1
Security: CVE-2012-1823
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3f7edcf3d3ec..68d2df6154ee 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -52,6 +52,42 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="60de13d5-95f0-11e1-806a-001143cd36d8"> + <topic>php -- vulnerability in certain CGI-based setups(</topic> + <affects> + <package> + <name>php5</name> + <range><lt>5.3.12</lt></range> + </package> + <package> + <name>php4</name> + <range><lt>5.3</lt></range> + </package> + <package> + <name>php52</name> + <range><lt>5.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>php development team reports:</p> + <blockquote cite="http://www.php.net/archive/2012.php#id2012-05-03-1"> + <p>Security Enhancements and Fixes in PHP 5.3.12:</p> + <ul> + <li>Initial fix for cgi-bin ?-s cmdarg parse issue (CVE-2012-1823)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-1823</cvename> + </references> + <dates> + <discovery>2012-05-03</discovery> + <entry>2012-05-05</entry> + </dates> + </vuln> + <vuln vid="18dffa02-946a-11e1-be9d-000c29cc39d3"> <topic>WebCalendar -- multiple vulnerabilities</topic> <affects> |