From owner-freebsd-questions@FreeBSD.ORG  Tue Nov 10 06:38:42 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id F187B106566C
	for <freebsd-questions@freebsd.org>;
	Tue, 10 Nov 2009 06:38:42 +0000 (UTC)
	(envelope-from arek@wup-katowice.pl)
Received: from mx1.wup-katowice.pl (mx1.wup-katowice.pl [195.39.216.236])
	by mx1.freebsd.org (Postfix) with ESMTP id AE6828FC12
	for <freebsd-questions@freebsd.org>;
	Tue, 10 Nov 2009 06:38:42 +0000 (UTC)
Received: from mx1.wup-katowice.pl (localhost [127.0.0.1])
	by mx1.wup-katowice.pl (Postfix) with ESMTP id 72EAF61C5A
	for <freebsd-questions@freebsd.org>;
	Tue, 10 Nov 2009 07:43:46 +0100 (CET)
Received: from [127.0.0.1] (arek.wup-katowice.pl [195.39.216.233])
	by mx1.wup-katowice.pl (Postfix) with ESMTPSA id 6550761C59
	for <freebsd-questions@freebsd.org>;
	Tue, 10 Nov 2009 07:43:46 +0100 (CET)
Date: Tue, 10 Nov 2009 07:38:38 +0100
From: Arek Czereszewski <arek@wup-katowice.pl>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; pl;
	rv:1.9.1.4pre) Gecko/20090915 Thunderbird/3.0b4
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Message-ID: <4AF90A6E.3040907@wup-katowice.pl>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.36/RELEASE,
	bases: 20091110 #3185127, check: 20091110 clean
Subject: php4-gd
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: arek@wup-katowice.pl
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2009 06:38:43 -0000

Hello,

I have on some web servers php4-gd port installed
and I am totally confused.
Portaudit says

Affected package: php4-gd-4.4.9
Type of problem: gd -- '_gdGetColors' remote buffer overflow
vulnerability.
Reference: 
<http://portaudit.FreeBSD.org/4e8344a3-ca52-11de-8ee8-00215c6a37bb.html>

On this site is info about: 5.2.11 and 5.3.0

On Securityfocus is info also about 4.4.9
but on cve.mitre.org is not.

Any idea where is the true?
Are my servers with php4-gd are secure or not?

Regards
Arek

-- 
Arek Czereszewski
arek (at) wup-katowice (dot) pl
"UNIX allows me to work smarter, not harder."