summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMuhammad Moinur Rahman <bofh@FreeBSD.org>2025-07-03 20:37:41 +0200
committerMuhammad Moinur Rahman <bofh@FreeBSD.org>2025-07-03 20:40:24 +0200
commit1436209d3f011973e709fd2aa5f480e7dacae936 (patch)
treef744133147db383b82d9d80eb6453dbc47d7a308
parentlang/php84: Update version 8.4.8=>8.4.10 (diff)
security/vuxml: Add CVE for php8*
Diffstat
-rw-r--r--security/vuxml/vuln/2025.xml49
1 files changed, 49 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index 4d94ec3c9fbb..6bc7dd3de85f 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,52 @@
+ <vuln vid="d607b12c-5821-11f0-ab92-f02f7497ecda">
+ <topic>php -- Multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php81</name>
+ <range><lt>8.1.33</lt></range>
+ </package>
+ <package>
+ <name>php82</name>
+ <range><lt>8.2.29</lt></range>
+ </package>
+ <package>
+ <name>php83</name>
+ <range><lt>8.3.23</lt></range>
+ </package>
+ <package>
+ <name>php84</name>
+ <range><lt>8.4.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>php.net reports:</p>
+ <blockquote cite="https://www.php.net/ChangeLog-8.php">
+ <ul>
+ <li>
+ CVE-2025-1735: pgsql extension does not check for errors during escaping
+ </li>
+ <li>
+ CVE-2025-6491: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
+ </li>
+ <li>
+ CVE-2025-1220: Null byte termination in hostnames
+ </li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-1735</cvename>
+ <cvename>CVE-2025-6491</cvename>
+ <cvename>CVE-2025-1220</cvename>
+ </references>
+ <dates>
+ <discovery>2025-02-27</discovery>
+ <entry>2025-07-03</entry>
+ </dates>
+ </vuln>
+
<vuln vid="bab7386a-582f-11f0-97d0-b42e991fc52e">
<topic>Mozilla -- exploitable crash</topic>
<affects>
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-28 20:27:30 +0000