Date:      Tue, 10 Oct 2006 20:04:54 +0200
From:      Armin Pirkovitsch <a.pirko@inode.at>
To:        Matt Craig <matcraig@nmsu.edu>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: php4 update fails
Message-ID:  <452BE0C6.9010208@inode.at>
In-Reply-To: <452BDD83.9060804@nmsu.edu>
References:  <452BDD83.9060804@nmsu.edu>

Matt Craig wrote:
> [...]
> ===>  Cleaning for php4-4.4.4
> ===>  php4-4.4.4 has known vulnerabilities:
> => php -- open_basedir Race Condition Vulnerability.
>   Reference:
> <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html>
> 
> => Please update your ports tree and try again.
> *** Error code 1

> I also tried portupgrade Nfp, removing the package with pkg_delete php4
> and adding it back again with pkg_add -r php4, and I get the same
> thing.  Doing a make install yields the same results as well.  I also
> get the same thing after updating the ports tree with cvsup.
> 
> Is it possible that php4 will not update because of the open_basedir
> Race Condition Vulnerability?  If so it fails to mention that.

Just follow the url stated in the error - if you look more closely all
listed php ports are concerned and each port with a >=0 means that there
is no patch yet - which means that any attempt to install it will fail.
The only way to override a vulnerability is to set
DISABLE_VULNERABILITIES - however this shouldn't be used carelessly.

-- 
Armin Pirkovitsch
a.pirko@inode.at


