From owner-freebsd-questions@FreeBSD.ORG  Mon Oct 16 01:00:51 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 66F1F16A47C
	for <freebsd-questions@freebsd.org>;
	Mon, 16 Oct 2006 01:00:51 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from mx00.pub.collaborativefusion.com
	(mx00.pub.collaborativefusion.com [206.210.89.199])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3155E43D73
	for <freebsd-questions@freebsd.org>;
	Mon, 16 Oct 2006 01:00:46 +0000 (GMT)
	(envelope-from wmoran@collaborativefusion.com)
Received: from localhost (c-71-60-174-60.hsd1.pa.comcast.net [71.60.174.60])
	(AUTH: LOGIN wmoran, TLS: TLSv1/SSLv3,256bits,AES256-SHA)
	by wingspan with esmtp; Sun, 15 Oct 2006 21:00:45 -0400
	id 00056407.4532D9BE.000007C4
Date: Sun, 15 Oct 2006 21:00:44 -0400
From: Bill Moran <wmoran@collaborativefusion.com>
To: "jan gestre" <freebsd.ph@gmail.com>
Message-Id: <20061015210044.5d900f29.wmoran@collaborativefusion.com>
In-Reply-To: <a25afc300610151755r3e307a54w17928a42d898d78b@mail.gmail.com>
References: <45322A1D.8070204@hadara.ps>
	<20061015151215.15a4062e@loki.starkstrom.lan>
	<200610151239.12127.freebsd@dfwlp.com>
	<453274C3.7090409@bsdunix.ch>
	<0F7C0CB4C34ECD44CCF3CDD0@paul-schmehls-powerbook59.local>
	<45329AB4.1000508@pixelhammer.com>
	<E69EE15A3D5493DD6562EFE1@paul-schmehls-powerbook59.local>
	<4532B812.5050402@bsdunix.ch>
	<a25afc300610151755r3e307a54w17928a42d898d78b@mail.gmail.com>
Organization: Collaborative Fusion
X-Mailer: Sylpheed version 2.2.7 (GTK+ 2.8.20; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: Paul Schmehl <pauls@utdallas.edu>, Thomas Vogt <thomas@bsdunix.ch>,
	freebsd-questions@freebsd.org
Subject: Re: PHP new vulnarabilities
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2006 01:00:51 -0000

"jan gestre" <freebsd.ph@gmail.com> wrote:

> so the question is, when will the php port be upgraded? it's been days
> already but i still keep on seeing the vulnerability message even if you say
> that it isn't that critical.

1) The suhosin patchset apparently plugs the hole.  Unfortunately,
   portaudit isn't aware of this and still reports the package as
   vulnerable.
2) The PHP folks haven't release the patch yet, although it's in their
   CVS.
3) Somebody _could_ generate a patchfile for the FreeBSD port -- don't
   know why nobody has.

So, the answer is "I don't know."

-- 
Bill Moran

There's more'n seventy little earth's spinning about the galaxy, and the 
meek have inherited not a one.

        Malcom Reynolds