Date: Sun, 15 Oct 2006 13:07:15 -0500 From: Paul Schmehl <pauls@utdallas.edu> To: freebsd-questions@freebsd.org Subject: Re: PHP new vulnarabilities Message-ID: <0F7C0CB4C34ECD44CCF3CDD0@paul-schmehls-powerbook59.local> In-Reply-To: <453274C3.7090409@bsdunix.ch> References: <45322A1D.8070204@hadara.ps> <20061015151215.15a4062e@loki.starkstrom.lan> <200610151239.12127.freebsd@dfwlp.com> <453274C3.7090409@bsdunix.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
--On October 15, 2006 7:49:55 PM +0200 Thomas <freebsdlists@bsdunix.ch> wrote: > > Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You > can use: > make -DDISABLE_VULNERABILITIES install clean > It will ignore the vuxml entry. > No offense, but anybody who *deliberately* installs a vulnerable version of php in *today's* world, is an absolute fool. Some of us are *stuck* with the vulnerable version, because we installed before the vulnerability was found. We can't go back because previous versions are *also* vulnerable. But *deliberately* installing it when you *know* it's vulnerable - and one of the most attacked applications on the internet? Foolhardy doesn't quite grasp the insanity of that. Paul Schmehl (pauls@utdallas.edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0F7C0CB4C34ECD44CCF3CDD0>