-rw-r--r-- | lang/php53/Makefile | 4 | ||||
-rw-r--r-- | lang/php53/distinfo | 8 | ||||
-rw-r--r-- | security/vuxml/vuln.xml | 37 |
3 files changed, 43 insertions, 6 deletions
diff --git a/lang/php53/Makefile b/lang/php53/Makefile
index dbc1ebc50b31..04bc35bb6daa 100644
--- a/lang/php53/Makefile
+++ b/lang/php53/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 PORTNAME= php53
-PORTVERSION= 5.3.22
+PORTVERSION= 5.3.23
 PORTREVISION?= 0
 CATEGORIES?= lang devel www
 MASTER_SITES= ${MASTER_SITE_PHP}
@@ -63,7 +63,7 @@ PATCH_SITES+= ${MASTER_SITE_LOCAL} \
 PATCH_SITE_SUBDIR= flo
 .if ${PORT_OPTIONS:MSUHOSIN}
-PATCHFILES+= suhosin-patch-5.3.x-0.9.10.2.patch.gz
+PATCHFILES+= suhosin-patch-5.3.x-0.9.10.3.patch.gz
 PLIST_SUB+= SUHOSIN=""
 .else
 PLIST_SUB+= SUHOSIN="@comment "
diff --git a/lang/php53/distinfo b/lang/php53/distinfo
index c70b00d76dac..bd720b2e444b 100644
--- a/lang/php53/distinfo
+++ b/lang/php53/distinfo
@@ -1,6 +1,6 @@
-SHA256 (php-5.3.22.tar.bz2) = 2da5fefdd24dafd8a94b6e41ba2c308ee216f97b3d605abde513d0cdc680d588
-SIZE (php-5.3.22.tar.bz2) = 11366482
-SHA256 (suhosin-patch-5.3.x-0.9.10.2.patch.gz) = 886bc7d7816fcce93792bd4a847731c460460b4f3987e0a5f6bf44b1979f5daa
-SIZE (suhosin-patch-5.3.x-0.9.10.2.patch.gz) = 40806
+SHA256 (php-5.3.23.tar.bz2) = 69473eae7c752987a8fc7619bae9f7121cfe7c6603a2ebf13c8e036dff6a4944
+SIZE (php-5.3.23.tar.bz2) = 11410987
+SHA256 (suhosin-patch-5.3.x-0.9.10.3.patch.gz) = 40a5de284f3bec4e5f7d54093ff23fd909030f84852fb2157780d41378932b82
+SIZE (suhosin-patch-5.3.x-0.9.10.3.patch.gz) = 40957
 SHA256 (php-5.3.x-mail-header.patch) = 5a677448b32d9f592703e2323a33facdb45e5c237dcca04aaea8ec3287f7db84
 SIZE (php-5.3.x-mail-header.patch) = 3325
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 31b6d4c31532..a55c8fef6b00 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -51,6 +51,43 @@ Note: Please add new entries to the beginning of this file.
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="1d23109a-9005-11e2-9602-d43d7e0c7c02">
+ <topic>php5 -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php5</name>
+ <range><lt>5.4.13</lt></range>
+ </package>
+ <package>
+ <name>php53</name>
+ <range><lt>5.3.23</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The PHP development team reports:</p>
+ <blockquote cite="http://www.php.net/ChangeLog-5.php">
+ <p>PHP does not validate the relationship between the soap.wsdl_cache_dir
+ directive and the open_basedir directive, which allows remote attackers to
+ bypass intended access restrictions by triggering the creation of cached
+ SOAP WSDL files in an arbitrary directory.</p>
+ <p>The SOAP parser in PHP allows remote attackers to read arbitrary files
+ via a SOAP WSDL file containing an XML external entity declaration in
+ conjunction with an entity reference, related to an XML External Entity
+ (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-1635</cvename>
+ <cvename>CVE-2013-1643</cvename>
+ </references>
+ <dates>
+ <discovery>2013-03-04</discovery>
+ <entry>2013-03-18</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="edd201a5-8fc3-11e2-b131-000c299b62e1">
 <topic>piwigo -- CSRF/Path Traversal</topic>
 <affects> |
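Review bot: The attribution in the new `<vuln>` entry looks off: the `<blockquote cite="http://www.php.net/ChangeLog-5.php">` is introduced with "The PHP development team reports:", but both quoted paragraphs are worded like CVE-database descriptions ("allows remote attackers to ...") rather than changelog lines. If that is where the text came from, the lead-in and the `cite` attribute should name that source, so a reader can check the quote against its origin. The `<references>` block carries only the two `<cvename>` elements; adding `<url>http://www.php.net/ChangeLog-5.php</url>` would give operators a direct pointer to the upstream fix notes. The entry also marks `php5` below 5.4.13 as affected while this commit bumps only `lang/php53`, so it is worth confirming that the `lang/php5` update lands alongside it; otherwise audit tooling that reads this file will report those installs with no fixed port available.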