From owner-freebsd-security@FreeBSD.ORG Thu Dec 30 16:08:10 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 102EB16A4CE for ; Thu, 30 Dec 2004 16:08:10 +0000 (GMT) Received: from mx5.roble.com (mx5.roble.com [206.40.34.5]) by mx1.FreeBSD.org (Postfix) with ESMTP id EB4D243D1F for ; Thu, 30 Dec 2004 16:08:09 +0000 (GMT) (envelope-from marquis@roble.com) Received: from localhost (localhost [127.0.0.1]) by mx5.roble.com (Postfix) with ESMTP id 344A22BC2F for ; Thu, 30 Dec 2004 08:07:58 -0800 (PST) Date: Thu, 30 Dec 2004 08:07:58 -0800 (PST) From: Roger Marquis To: freebsd-security@freebsd.org In-Reply-To: <20041230120117.B8CBD16A4D7@hub.freebsd.org> References: <20041230120117.B8CBD16A4D7@hub.freebsd.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Message-Id: <20041230160758.344A22BC2F@mx5.roble.com> Subject: Re: Found security expliot in port phpBB 2.0.8 FreeBSD4.10 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Dec 2004 16:08:10 -0000 > Julian Elischer writes: > ...or we could urge them to stop using PHP at all. If only... but in favor of what, Perl? One nice thing about PHP is its similarity to Java/JSP. Learn one and you're part way to learning the other, and JSP really is a web technology the security community should be encouraging. > Kris Kennaway wrote: > Remember that FreeBSD is supported by the community, so you also could > have submitted the update but didn't. With all due respect to Kris and his excellent work, shooting the messenger is probably not the best way to encourage discussion of substantive issues. -- Roger Marquis Roble Systems Consulting http://www.roble.com/