Is somebody stopping you from installing via source?

Kian

paul dansing wrote:
Is there some reason this issue is being ignored?  What, you people
need to see an exploit before you will even LOOK at it and answer
whether it is vuln?


Can someone please give a straight answer about these PHP security
holes?  OpenBSD 3.9 released yesterday had packages supporting:
php 4.4.1p0
php 5.0.5p0
are either of these vulnerable? if so, is someone going to release
updated packages (not just ports)?

the php 5.1.3 release:

The security issues resolved include the following:

 * Disallow certain characters in session names.
 * Fixed a buffer overflow inside the wordwrap() function.
 * Prevent jumps to parent directory via the 2nd parameter of the tempnam() function.
 * Enforce safe_mode for the source parameter of the copy() function.
 * Fixed cross-site scripting inside the phpinfo() function.
 * Fixed offset/length parameter validation inside the substr_compare() function.
 * Fixed a heap corruption inside the session extension.
 * Fixed a bug that would allow variable to survive unset().

thanks

Monday, May 1, 2006, 7:18:50 AM, you wrote:

Hi.

I haven't received a single test report, but I still get
letters about asking for an update. How's that?
This tarball also includes mysqli, fastcgi and hardened php support:
http://gi.unideb.hu/~robert/php.tar.gz

On (28/04/06 01:59), Robert Nagy wrote:
Hi.

Finally after fighting with pear I've managed to create a working update
for the php5 port.
The PHP guys have changed the installation method of pear to use some crappy
PHP_Archive. With this move they broke the installation of pear on several
linux distros (e.g. Frugalware), OpenDarwin and on OpenBSD of course.
Any other crappy package managements where they install files directly to ${LOCALBASE}



--
Kian Mohageri
ResTek, Western Washington University
[EMAIL PROTECTED]
