Date: Mon, 16 Oct 2006 18:54:28 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: Alex Dupre <ale@FreeBSD.org> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/lang/php4 Makefile ports/lang/php4/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c patch-php.ini-dist patch-php.ini-recommended ports/lang/php5 Makefile ports/lang/php5/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c ... Message-ID: <20061016165426.GA1040@zaphod.nitro.dk> In-Reply-To: <200610160930.k9G9UwJj029252@repoman.freebsd.org> References: <200610160930.k9G9UwJj029252@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006.10.16 09:30:58 +0000, Alex Dupre wrote: > ale 2006-10-16 09:30:58 UTC > > FreeBSD ports repository > > Modified files: > lang/php4 Makefile > lang/php5 Makefile > Added files: > lang/php4/files patch-ext_standard_dir.c > patch-main_php_open_temporary_file.c > patch-php.ini-dist > patch-php.ini-recommended > lang/php5/files patch-ext_standard_dir.c > patch-main_php_open_temporary_file.c > patch-php.ini-dist > patch-php.ini-recommended > Log: > - fix open_basedir vulnerability in php4 and php5 [1] Do you have a CVE name or a reference for exactly which issue this is? > - add an alert on safe_mode intrinsic insecurity and > suggest to install the suhosin extension > - enable the suhosin patch by deafult also in php4 <secteam hat>Thanks!</> -- Simon L. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061016165426.GA1040>