From owner-freebsd-ports Thu Feb 28 4: 9:24 2002 Delivered-To: freebsd-ports@freebsd.org Received: from gwdu60.gwdg.de (gwdu60.gwdg.de [134.76.98.60]) by hub.freebsd.org (Postfix) with ESMTP id 85C3E37B405; Thu, 28 Feb 2002 04:09:20 -0800 (PST) Received: from localhost (kheuer@localhost) by gwdu60.gwdg.de (8.11.6/8.11.6) with ESMTP id g1SC9J319753; Thu, 28 Feb 2002 13:09:19 +0100 (CET) (envelope-from kheuer@gwdg.de) X-Authentication-Warning: gwdu60.gwdg.de: kheuer owned process doing -bs Date: Thu, 28 Feb 2002 13:09:19 +0100 (CET) From: Konrad Heuer To: dirk@FreeBSD.org Cc: freebsd-ports@FreeBSD.org Subject: PHP remote vulnerabilities Message-ID: <20020228130151.Y12301-100000@gwdu60.gwdg.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=X-UNKNOWN Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Probably you already will have recognized that serious remote vulnerabilities have been announced in different php versions yesterday: http://security.e-matters.de/advisories/012002.html Since I (still) use php3 I fetched the corresponding patch from http://www.php.net/downloads.php which applied to the code below /usr/ports/www/mod_php3 after make extract. I rebuilt and reinstalled the module. Maybe you want to modify your FreeBSD port to include the patch automatically? I didn't try to see what happens in the php4 directory. Best regards and thanks for the FreeBSD port Konrad Konrad Heuer Personal Bookmarks: Gesellschaft f=FCr wissenschaftliche Datenverarbeitung mbH G=D6ttingen http://www.freebsd.org Am Fa=DFberg, D-37077 G=D6ttingen http://www.daemonnews.o= rg Deutschland (Germany) kheuer@gwdg.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message