From: Andrea Venturoli <ml@netfence.it>
Date: Thu, 03 Mar 2011 21:09:09 +0100
To: admin@lissyara.su, freebsd-ports@freebsd.org
Subject: PHP52 vulnerability
Message-ID: <4D6FF565.9070608@netfence.it>
List-Id: Porting software to FreeBSD

Hello.

As you probably know, it looks like php52 is vulnerable:

Affected package: php52-5.2.17
Type of problem: php -- NULL byte poisoning.
Reference: http://portaudit.FreeBSD.org/3761df02-0f9c-11e0-becc-0022156e8794.html

Is there any news on the horizon? Will a new version be released and/or the port updated? Any possible patch?

Don't get me wrong, I'm not sentimentally tied to this version of PHP.
Rather, the problem is the fun the dev team must have experienced going a long way into deprecating tons of things, which, by the way, breaks almost any non-trivial application I know of (a couple of examples being KnowledgeTree and Horde). On one box I tried the switch and had to go back immediately.

bye & Thanks
av.
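For readers who land here looking for what "NULL byte poisoning" means in practice, the following is an added illustration; it is not part of Andrea's mail, the php52 port, or any FreeBSD patch. The portaudit entry concerns PHP's filesystem functions accepting a path containing an embedded NUL byte, which the underlying C string functions treat as the end of the string; an application that appends a fixed suffix to user input to confine it to one file type then loses that suffix. The directory name, the request parameter and the attack string below are all constructed for the example, and the code is written in the PHP 5 style the thread is about.

```php
<?php
// Added example (not from the original mail or the php52 port).
// Vulnerable pattern: the ".txt" suffix is meant to restrict what can be read.
// On a PHP build affected by the NUL-byte issue, a request parameter such as
//   "../../etc/passwd\0"            (constructed attack input)
// becomes "/var/www/docs/../../etc/passwd" once the C library stops at the
// NUL, so the suffix never takes effect.
function vulnerable_read($name)
{
    $base = '/var/www/docs';                 // assumed document directory
    return @file_get_contents($base . '/' . $name . '.txt');
}

// Hardened version: do not rely on the suffix alone. Reject NUL bytes
// explicitly (they are never legitimate in a filename), forbid directory
// components, and verify that the resolved path stays inside $base.
function safe_read($name)
{
    $base = realpath('/var/www/docs');       // assumed document directory
    if ($base === false) {
        return false;                        // misconfiguration: base missing
    }
    if (strpos($name, "\0") !== false) {
        return false;                        // embedded NUL byte
    }
    if ($name === '' || $name !== basename($name)) {
        return false;                        // "..", "/" or other path parts
    }
    $path = realpath($base . '/' . $name . '.txt');
    if ($path === false || strpos($path, $base . '/') !== 0) {
        return false;                        // nonexistent or outside $base
    }
    return file_get_contents($path);
}

// Usage with a constructed request parameter:
$name = isset($_GET['doc']) ? $_GET['doc'] : '';
$content = safe_read($name);
if ($content === false) {
    header('HTTP/1.0 404 Not Found');
    echo "No such document.\n";
} else {
    header('Content-Type: text/plain; charset=UTF-8');
    echo $content;
}
```

The NUL-byte check is the one step that matters for this specific advisory; the basename and realpath checks are there because an application that fixes only the NUL case remains open to ordinary "../" traversal, and a fixed PHP (5.2.17 with the vendor fix, or 5.3.4 and later) does not remove that second problem. Checking the input in the application also protects installations that cannot upgrade the interpreter immediately, which is exactly the situation the mail describes.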