author | brnrd <brnrd@FreeBSD.org> | 2016-12-29 19:22:35 +0800 |
---|---|---|
committer | brnrd <brnrd@FreeBSD.org> | 2016-12-29 19:22:35 +0800 |
commit | 97514ea51da149e2bc2bec971df5b8b2e02aef06 (patch) | |
tree | 9ca7299f8e3e673a6dd484120318ce3269731948 /security | |
parent | a1cef8fc123bbbf691ec8e49a0febdeb1a0e3ed4 (diff) | |
security/vuxml: Document PHP vulnerabilities
- Vulnerabilities fixed in 7.0.14
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4b49b0128167..eecf55d7bfea 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,37 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6972668d-cdb7-11e6-a9a5-b499baebfeaf"> + <topic>PHP -- multiple vulnerabilities</topic> + <affects> + <package> + <name>php70</name> + <range><lt>7.0.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The PHP project reports:</p> + <blockquote cite="http://php.net/ChangeLog-7.php#7.0.14"> + <ul> + <li>Use After Free Vulnerability in unserialize() (CVE-2016-9936)</li> + <li>Invalid read when wddx decodes empty boolean element + (CVE-2016-9935)</li> + </ul> + </blockquote> + </body> + </description> + <references> + <url>http://php.net/ChangeLog-7.php#7.0.14</url> + <cvename>CVE-2016-9935</cvename> + <cvename>CVE-2016-9936</cvename> + </references> + <dates> + <discovery>2016-12-08</discovery> + <entry>2016-12-29</entry> + </dates> + </vuln> + <vuln vid="3c4693de-ccf7-11e6-a9a5-b499baebfeaf"> <topic>phpmailer -- Remote Code Execution</topic> <affects> |
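Review bot: the `<affects>` block of the new entry lists only `php70` below 7.0.14, while the comment in the context lines just above it reminds authors not to forget port variants. One of the two reported issues is in the wddx decoder; if that decoder, or any other affected code, ships in a package other than `php70`, a host with only that package installed will not be flagged by this entry. Please confirm which ports carry the affected code and add a `<package>` element for each. The commit message could also say where the `<discovery>` date of 2016-12-08 comes from, since the ChangeLog URL is the only reference given.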