CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2014/06/28 07:14:50
Modified files:
lang/php/5.4 : Tag: OPENBSD_5_5 Makefile distinfo
Log message:
MFC PHP security update, "Over 20 bugs were fixed in this release, including
the following CVEs: CVE-2014-3981, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479,
CVE-2014-3480, CVE-2014-3487, CVE-2014-4049, CVE-2014-3515."
Not on the CVE list is this phpinfo bug https://bugs.php.net/bug.php?id=67498,
"if you are running as mod_php and there is mod_ssl this could be used to
steal the private SSL key from memory (if you can inject PHP code)."
