Date: Sat, 3 May 2008 16:51:14 +0400
From: Andrew Pantyukhin
To: Gunther Mayer
Cc: freebsd-security@freebsd.org
Subject: Re: validity of php 5.2.1 vulnerability
Message-ID: <20080503125112.GF92161@amilo.cenkes.org>
In-Reply-To: <48197EDD.7030308@gmail.com>

On Thu, May 01, 2008 at 10:27:09AM +0200, Gunther Mayer wrote:
> Hi there,
>
> Some days ago there was an integer overflow vulnerability posted for php
> 5.2.1 and earlier

You mean 5.2.5. 5.2.5_1 fixed a different kind of problem.
5.2.6 has just been committed; update your ports tree, please.

Yes, there was a time window between the advisory and the commit,
when you could do nothing but wait (or get the relevant patch
from the PHP project). We're sorry to have kept you waiting.