FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php-phar -- multiple vulnerabilities

Affected packages
php56-phar < 5.6.11
php55-phar < 5.5.27
php5-phar < 5.4.43

Details

VuXML ID 8b1f53f3-2da5-11e5-86ff-14dae9d210b8
Discovery 2015-06-24
Entry 2015-07-18
Modified 2015-12-18

reports:

Segfault in Phar::convertToData on invalid file.

Buffer overflow and stack smashing error in phar_fix_filepath.

References

CVE Name CVE-2015-5589
CVE Name CVE-2015-5590
Message http://seclists.org/oss-sec/2015/q3/141
URL http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
URL http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
URL https://bugs.php.net/bug.php?id=69923
URL https://bugs.php.net/bug.php?id=69958