Date: Thu, 03 Mar 2011 21:09:09 +0100 From: Andrea Venturoli <ml@netfence.it> To: admin@lissyara.su, freebsd-ports@freebsd.org Subject: PHP52 vulnerability Message-ID: <4D6FF565.9070608@netfence.it>
next in thread | raw e-mail | index | archive | help
Hello. As you probably know, it looks like php52 is vulnerable: Affected package: php52-5.2.17 Type of problem: php -- NULL byte poisoning. Reference: http://portaudit.FreeBSD.org/3761df02-0f9c-11e0-becc-0022156e8794.html Is there any news on the horizon? Will a new version be released and/or the port updated? Any possible patch? Don't get me wrong, I'm not sentimentally tied to this version of php. Rather, the problem is the fun the dev team must have experienced going a long way into deprecation of tons of things, which, by the way, breaks almost any non trivial application I know of (a couple of examples being KnowledgeTree and Horde). On some box I tried the switch and had to go back immediately. bye & Thanks av.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4D6FF565.9070608>