Hi Jonathan Jonathan Horne schrieb: > On Sunday 15 October 2006 08:12, Joerg Pernfuss wrote: >> On Sun, 15 Oct 2006 14:31:25 +0200 >> >> "Khaled J. Hussein" <[EMAIL PROTECTED]> wrote: >>> hi all >>> >>> last time i found this when i run portaudit -Fda >>> >>> Affected package: php5-5.1.6 >>> Type of problem: php -- _ecalloc Integer Overflow Vulnerability. >>> Reference: >>> <http://www.FreeBSD.org/ports/portaudit/e329550b-54f7-11db-a5ae-00508d6a6 >>> 2df.html> >>> >>> how can i fix this >> update ypur portstree. you'll get php5-5.1.6_1 which fixes the _ecalloc >> overflow, but not yet the open_basedir race condition. >> >> Joerg > > ive been scratching my head on this one for a few days too. i have a box at > home, that is running 6.2-PRERELEASE. when i try to install the lang/php5 > port, i get: > > [EMAIL PROTECTED] /usr/ports/lang/php5]# make install clean > ===> php5-5.1.6_1 has known vulnerabilities: > => php -- open_basedir Race Condition Vulnerability. > Reference: > <http://www.FreeBSD.org/ports/portaudit/edabe438-542f-11db-a5ae-00508d6a62df.html> > => Please update your ports tree and try again. > *** Error code 1 > > Stop in /usr/ports/lang/php5. > > however, my server is running the same port, with no issue whatsoever. > > [EMAIL PROTECTED] /etc/mail]# pkg_info | grep php5 > php5-5.1.6_1 > (and many extensions too) > > perplexing that one box could have it, while another one (using the same > updated ports tree), refuses it. could be related to the code branch im > following on my workstaion versus my server?
Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You can use: make -DDISABLE_VULNERABILITIES install clean It will ignore the vuxml entry. Cheers, Thomas _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"