[Bug 279979] lang/php83: Outdated and 1 Critical CVE & multiple CVEs
Date: Tue, 25 Jun 2024 05:08:08 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=279979

            Bug ID: 279979
           Summary: lang/php83: Outdated and 1 Critical CVE & multiple CVEs
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: bofh@freebsd.org
          Reporter: ryan@bbnx.net
             Flags: maintainer-feedback?(bofh@freebsd.org)
          Assignee: bofh@freebsd.org

Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577)
https://nvd.nist.gov/vuln/detail/CVE-2024-4577
https://www.tenable.com/blog/cve-2024-4577-proof-of-concept-available-for-php-cgi-argument-injection-vulnerability
https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-exploits-recent-php-rce-flaw-to-breach-servers/

Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)
https://nvd.nist.gov/vuln/detail/CVE-2024-5458

Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874). (CVE-2024-5585)
https://nvd.nist.gov/vuln/detail/CVE-2024-5585

Fix GHSA-wpj3-hf5j-x4v4: Host-/Secure- cookie bypass due to partial CVE-2022-31629 fix in 093c08af25
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4

Latest PHP 8.3 version is 8.3.8.

-- 
You are receiving this mail because:
You are the assignee for the bug.