Date: Tue, 3 Apr 2012 10:01:15 -0400
From: Robert Simmons <rsimmons0@gmail.com>
To: freebsd-security@freebsd.org
Subject: Re: About PHP 5.X in FreeBSD port tree
Message-ID: <CA%2BQLa9DqQ%2Bjs4fPiEePrhJCURw6TPQGJ3eRpi5p9e=opCrcNbA@mail.gmail.com>
In-Reply-To: <CABkZrei%2BMi4Th5LOhPyYBX=KVp1jeXaqWci4ja=YymHzrCkc4w@mail.gmail.com>
References: <CABkZrehP0H8z98f6z9e-F45kw2JYUkcmizt59jbh5RSgDnJWwg@mail.gmail.com> <4F79EA30.6070205@acsalaska.net> <CABkZrei%2BMi4Th5LOhPyYBX=KVp1jeXaqWci4ja=YymHzrCkc4w@mail.gmail.com>
On Tue, Apr 3, 2012 at 2:54 AM, James Chang <james.technew@gmail.com> wrote:
> Dear Sir,
>
> Thanks for your notice, but there seems no information about
> whether the vulnerabilities about CVE-2011-2483, CVE-2011-4153 and
> CVE-2011-3389 were fixed in FreeBSD port tree (PHP 5.3.10_1) or not?

Looks like CVE-2011-2483 applies to PHP before 5.3.7:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483

and CVE-2011-4153 applies to 5.3.8:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153

and CVE-2011-3389 does not apply to PHP AFAIK:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

Since the version in ports is 5.3.10, I think you're safe. I'm sure
someone will correct me if I'm off the mark.

Personally, I use portaudit to keep it all straight:
http://www.freebsd.org/cgi/url.cgi?ports/ports-mgmt/portaudit/pkg-descr

Additionally, I'm signed up for the digest version of the US-CERT
alerts from here:
http://www.us-cert.gov/cas/signup.html

Pretty good because it shows right in the second column of the report
what versions are affected.

Cheers!
Rob