FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- multiple vulnerabilities

Affected packages
	php70	<	7.0.6
	php70-bcmath	<	7.0.6
	php70-exif	<	7.0.6
	php70-gd	<	7.0.6
	php70-xml	<	7.0.6
	php56	<	5.6.21
	php56-bcmath	<	5.6.21
	php56-exif	<	5.6.21
	php56-gd	<	5.6.21
	php56-xml	<	5.6.21
	php55	<	5.5.35
	php55-bcmath	<	5.5.35
	php55-exif	<	5.5.35
	php55-gd	<	5.5.35
	php55-xml	<	5.5.35

Details

VuXML ID	5764c634-10d2-11e6-94fa-002590263bf5
Discovery	2016-04-28
Entry	2016-05-03

The PHP Group reports:

BCMath:

Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition).

Exif:

Fixed bug #72094 (Out of bounds heap read access in exif header processing).

GD:

Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074)

Intl:

Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset).

XML:

Fixed bug #72099 (xml_parse_into_struct segmentation fault).

[source]

References

CVE Name	CVE-2016-3074
FreeBSD PR	ports/209145
URL	http://www.php.net/ChangeLog-5.php#5.5.35
URL	http://www.php.net/ChangeLog-5.php#5.6.21
URL	http://www.php.net/ChangeLog-7.php#7.0.6