Date: Thu, 09 Jun 2005 16:03:53 +0200
From: Matthias Buelow <mkb@incubus.de>
To: freebsd-ports@freebsd.org
Subject: php4 vulnerabilities
Message-ID: <42A84C49.7070106@incubus.de>

Hi folks,

I have various php4 ports installed, an up-to-date portaudit auditfile, and it doesn't warn me about the following issues in php4 <4.3.11:

CVE-ID: CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043.

Don't these problems apply to the 4.3.10 as bundled in ports, or is the auditfile just lagging? These are fairly serious issues, including a remote buffer overflow with code injection. I only stumbled upon them because I read about them being included in an update bundle for MacOS X, on mainstream media (is there something like a ports-security-notifications mailing list? Since the security-notifications list apparently only sends notifications about the base system.)

mkb.

P.S.: Please Cc: me if possible, since I'm not subscribed to the list.