Date:      Sun, 8 Oct 2006 18:58:52 +0400
From:      "Andrew Pantyukhin" <infofarmer@FreeBSD.org>
To:        "Alex Dupre" <ale@freebsd.org>
Cc:        FreeBSD Ports <ports@freebsd.org>
Subject:   Re: PHP Vulnerabilities and Suhosin
Message-ID:  <cb5206420610080758i486be08ch4f06195991631028@mail.gmail.com>
In-Reply-To: <45256898.3000506@FreeBSD.org>
References:  <cb5206420610050053kf729b24p812cd5a08e74019a@mail.gmail.com> <45256898.3000506@FreeBSD.org>

On 10/6/06, Alex Dupre <ale@freebsd.org> wrote:
> Andrew Pantyukhin wrote:
> > I've noticed we have WITH_SUHOSIN option. It may
> > alleviate some security issues. In particular, suhosin
> > 0.9.6 fixes this latest issue. Can we somehow make
> > this option influence PKGNAME (suffix, prefix, version
> > or revision) so I can mark php+suhosin 0.9.6 safe in
> > VuXML?
>
> No, because what fixes the problem is the suhosin extension
> (security/php-suhosin) and not the suhosin patch.

I think we should mark suhosin 0.9.5 as vulnerable to
encourage an upgrade (in the same advisory). What do
you think?


