Date: Sun, 08 Oct 2006 16:11:47 +0200 From: Armin Pirkovitsch <a.pirko@inode.at> To: Zbigniew Szalbot <zbyszek@szalbot.homedns.org> Cc: freebsd-questions@freebsd.org Subject: Re: cvsup and portupgrade Message-ID: <45290723.2080407@inode.at> In-Reply-To: <20061008155535.M17026@192.168.11.51> References: <20061008130817.G95896@192.168.11.51> <4528EB74.3060401@locolomo.org> <20061008142037.S97136@192.168.11.51> <4528F097.7010300@inode.at> <20061008154335.K98037@192.168.11.51> <452902EF.3080701@inode.at> <20061008155535.M17026@192.168.11.51>
next in thread | previous in thread | raw e-mail | index | archive | help
Zbigniew Szalbot wrote: > Hello, > > On Sun, 8 Oct 2006, Armin Pirkovitsch wrote: > >> Well another cvsup won't solve the problem since php hasn't been patched >> yet. However if you're really sure you need and want this kind of port >> installed just set the environment variable DISABLE_VULNERABILITIES. >> However - you should be aware that you'd install a program with a >> security hole. > > You are right - it did not help. I do not so much want to install php > with a security hole as much as I want to patch the hole. From the > portaudit report I understood that I need to update immediately. And > hence I am trying to do just that. But as a newbie, I guess I am making > lots of mistakes on the way. > > I would prefer to use portupgrade, since I have pkgtools.conf configured > so that php is kept with certain flags like CLI, etc. > > Reference: > <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>; > Many, many thanks for such prompt replies and helpful advice to you all! Just have a look at the reference - to be exactly at the Affects: list. It concerns all versions ( >0 ) which means there is no patch yet. So best thing to do is to watch that page and update as soon as there is a patch. -- Armin Pirkovitsch a.pirko@inode.at
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45290723.2080407>