From: Michael Scheidell
Date: Thu, 3 Mar 2011 15:22:04 -0500
Subject: Re: PHP52 vulnerability
List-Id: Porting software to FreeBSD
Message-ID: <4D6FF86C.7070305@secnap.com>
In-Reply-To: <4D6FF565.9070608@netfence.it>

I question the vulnerability. I don't think it applies.
The alert is from 2006, and there isn't a POC I have tested against
php52-5.2.17 with nulls in it that seems to trigger anything but 404 errors.

(Please don't try on ours... this is not a challenge. But if you have a
POC, let me know and _I_ will try it.)

So, php 5.3? Big differences! BIG. Look at /usr/ports/UPDATING to see.
php_ini needs changes also.

On 3/3/11 3:09 PM, Andrea Venturoli wrote:
> Is there any news on the horizon?
> Will a new version be released and/or the port updated?
> Any possible patch?

-- 
Michael Scheidell, CTO
SECNAP Network Security Corporation