Date: Sun, 15 Oct 2006 21:00:44 -0400 From: Bill Moran <wmoran@collaborativefusion.com> To: "jan gestre" <freebsd.ph@gmail.com> Cc: Paul Schmehl <pauls@utdallas.edu>, Thomas Vogt <thomas@bsdunix.ch>, freebsd-questions@freebsd.org Subject: Re: PHP new vulnarabilities Message-ID: <20061015210044.5d900f29.wmoran@collaborativefusion.com> In-Reply-To: <a25afc300610151755r3e307a54w17928a42d898d78b@mail.gmail.com> References: <45322A1D.8070204@hadara.ps> <20061015151215.15a4062e@loki.starkstrom.lan> <200610151239.12127.freebsd@dfwlp.com> <453274C3.7090409@bsdunix.ch> <0F7C0CB4C34ECD44CCF3CDD0@paul-schmehls-powerbook59.local> <45329AB4.1000508@pixelhammer.com> <E69EE15A3D5493DD6562EFE1@paul-schmehls-powerbook59.local> <4532B812.5050402@bsdunix.ch> <a25afc300610151755r3e307a54w17928a42d898d78b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"jan gestre" <freebsd.ph@gmail.com> wrote:
> so the question is, when will the php port be upgraded? it's been days
> already but i still keep on seeing the vulnerability message even if you say
> that it isn't that critical.
1) The suhosin patchset apparently plugs the hole. Unfortunately,
portaudit isn't aware of this and still reports the package as
vulnerable.
2) The PHP folks haven't release the patch yet, although it's in their
CVS.
3) Somebody _could_ generate a patchfile for the FreeBSD port -- don't
know why nobody has.
So, the answer is "I don't know."
--
Bill Moran
There's more'n seventy little earth's spinning about the galaxy, and the
meek have inherited not a one.
Malcom Reynolds
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061015210044.5d900f29.wmoran>