From owner-freebsd-questions@FreeBSD.ORG  Sun Oct 15 13:12:55 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0AF0A16A40F
	for <freebsd-questions@freebsd.org>;
	Sun, 15 Oct 2006 13:12:55 +0000 (UTC)
	(envelope-from elessar@bsdforen.de)
Received: from mail.bsdforen.de (bsdforen.de [212.204.60.79])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6360843D49
	for <freebsd-questions@freebsd.org>;
	Sun, 15 Oct 2006 13:12:54 +0000 (GMT)
	(envelope-from elessar@bsdforen.de)
Received: from loki.starkstrom.lan (p549CF82C.dip.t-dialin.net [84.156.248.44])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.bsdforen.de (Postfix) with ESMTP id 7C40F424109
	for <freebsd-questions@freebsd.org>;
	Sun, 15 Oct 2006 15:12:52 +0200 (CEST)
Date: Sun, 15 Oct 2006 15:12:15 +0200
From: Joerg Pernfuss <elessar@bsdforen.de>
To: freebsd-questions@freebsd.org
Message-ID: <20061015151215.15a4062e@loki.starkstrom.lan>
In-Reply-To: <45322A1D.8070204@hadara.ps>
References: <45322A1D.8070204@hadara.ps>
X-Mailer: Sylpheed-Claws 2.2.3 (GTK+ 2.8.20; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=Sig_xb3ifI11KSy21F1WTaAJH.F;
	protocol="application/pgp-signature"; micalg=PGP-SHA1
Subject: Re: PHP new vulnarabilities
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Oct 2006 13:12:55 -0000

--Sig_xb3ifI11KSy21F1WTaAJH.F
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Sun, 15 Oct 2006 14:31:25 +0200
"Khaled J. Hussein" <khaled@hadara.ps> wrote:

> hi all
>=20
> last time i found this when i run portaudit -Fda
>=20
> Affected package: php5-5.1.6
> Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
> Reference:
> <http://www.FreeBSD.org/ports/portaudit/e329550b-54f7-11db-a5ae-00508d6a6=
2df.html>
>=20
> how can i fix this

update ypur portstree. you'll get php5-5.1.6_1 which fixes the _ecalloc
overflow, but not yet the open_basedir race condition.

	Joerg
--=20
| /"\   ASCII ribbon   |  GnuPG Key ID | e86d b753 3deb e749 6c3a |
| \ / campaign against |    0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 |
|  X    HTML in email  |        .the next sentence is true.       |
| / \     and news     |     .the previous sentence was a lie.    |

--Sig_xb3ifI11KSy21F1WTaAJH.F
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (FreeBSD)

iD8DBQFFMjOwH31s/bvKrSQRAl+cAJ9MR1Bm1nrcB2dzSlexJiinyqZCBwCfffiq
qEFio0+FWeHxKCA0rM5rTSA=
=l65e
-----END PGP SIGNATURE-----

--Sig_xb3ifI11KSy21F1WTaAJH.F--