Re: PHP new vulnerabilities

2006-10-15 Thread Bill Moran
"jan gestre" <[EMAIL PROTECTED]> wrote:
> so the question is, when will the php port be upgraded? it's been days
> already but i still keep on seeing the vulnerability message even if you say
> that it isn't that critical.

1) The suhosin patchset apparently plugs the hole. Unfortunately, port

Re: PHP new vulnerabilities

2006-10-15 Thread jan gestre
so the question is, when will the php port be upgraded? it's been days already but i still keep on seeing the vulnerability message even if you say that it isn't that critical.

Re: PHP new vulnerabilities

2006-10-15 Thread Thomas Vogt
Paul Schmehl wrote:
> --On October 15, 2006 4:31:48 PM -0400 DAve <[EMAIL PROTECTED]>
> wrote:
>>
>> That is a bit extreme. I have a full workload, I put in about 60 hours a
>> week (I work a lot of weekends, I'm working now). I have servers running
>> all different versions of apps. I can't go

Re: PHP new vulnerabilities

2006-10-15 Thread Paul Schmehl
--On October 15, 2006 4:31:48 PM -0400 DAve <[EMAIL PROTECTED]> wrote:

That is a bit extreme. I have a full workload, I put in about 60 hours a week (I work a lot of weekends, I'm working now). I have servers running all different versions of apps. I can't go around upgrading everything at the dr

Re: PHP new vulnerabilities

2006-10-15 Thread DAve
Paul Schmehl wrote:
--On October 15, 2006 7:49:55 PM +0200 Thomas <[EMAIL PROTECTED]> wrote:

Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You can use:
make -DDISABLE_VULNERABILITIES install clean
It will ignore the vuxml entry.

No offense, but anybody who *deliberately*

Re: PHP new vulnerabilities

2006-10-15 Thread Paul Schmehl
--On October 15, 2006 2:50:34 PM -0400 Bill Moran <[EMAIL PROTECTED]> wrote:

Have you looked at the vulnerability? There are only certain coding instances that would actually open this up to any attack vector. Since the bug is in unserialize, it's pretty easy to audit a program to ensure that it

Re: PHP new vulnerabilities

2006-10-15 Thread Joerg Pernfuss
On Sun, 15 Oct 2006 13:07:15 -0500 Paul Schmehl <[EMAIL PROTECTED]> wrote:
> --On October 15, 2006 7:49:55 PM +0200 Thomas
> <[EMAIL PROTECTED]>
> wrote:
> >
> > Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1.
> > You can use:
> > make -DDISABLE_VULNERABILITIES install clean
>

Re: PHP new vulnerabilities

2006-10-15 Thread Bill Moran
Paul Schmehl <[EMAIL PROTECTED]> wrote:
> --On October 15, 2006 7:49:55 PM +0200 Thomas <[EMAIL PROTECTED]>
> wrote:
> >
> > Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You
> > can use:
> > make -DDISABLE_VULNERABILITIES install clean
> > It will ignore the vuxml entry.
>

Re: PHP new vulnerabilities

2006-10-15 Thread Paul Schmehl
--On October 15, 2006 7:49:55 PM +0200 Thomas <[EMAIL PROTECTED]> wrote:

Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You can use:
make -DDISABLE_VULNERABILITIES install clean
It will ignore the vuxml entry.

No offense, but anybody who *deliberately* installs a vulnerable

Re: PHP new vulnerabilities

2006-10-15 Thread Paul Schmehl
--On October 15, 2006 12:39:11 PM -0500 Jonathan Horne <[EMAIL PROTECTED]> wrote:

i've been scratching my head on this one for a few days too. i have a box at home, that is running 6.2-PRERELEASE. when i try to install the lang/php5 port, i get:

[EMAIL PROTECTED] /usr/ports/lang/php5]# make

Re: PHP new vulnerabilities

2006-10-15 Thread Thomas
Hi Jonathan

Jonathan Horne wrote:
> On Sunday 15 October 2006 08:12, Joerg Pernfuss wrote:
>> On Sun, 15 Oct 2006 14:31:25 +0200
>>
>> "Khaled J. Hussein" <[EMAIL PROTECTED]> wrote:
>>> hi all
>>>
>>> last time i found this when i run portaudit -Fda
>>>
>>> Affected package: php5-5.1.6
>>> Type

Re: PHP new vulnerabilities

2006-10-15 Thread Jonathan Horne
On Sunday 15 October 2006 08:12, Joerg Pernfuss wrote:
> On Sun, 15 Oct 2006 14:31:25 +0200
>
> "Khaled J. Hussein" <[EMAIL PROTECTED]> wrote:
> > hi all
> >
> > last time i found this when i run portaudit -Fda
> >
> > Affected package: php5-5.1.6
> > Type of problem: php -- _ecalloc Integer Overfl

Re: PHP new vulnerabilities

2006-10-15 Thread Joerg Pernfuss
On Sun, 15 Oct 2006 14:31:25 +0200 "Khaled J. Hussein" <[EMAIL PROTECTED]> wrote:
> hi all
>
> last time i found this when i run portaudit -Fda
>
> Affected package: php5-5.1.6
> Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
> Reference:
>

Re: PHP new vulnerabilities

2006-10-15 Thread Robert Joosten
Hi Khaled,

> Affected package: php5-5.1.6
> Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
>
> how can i fix this

Compile php from source after applying http://www.hardened-php.net/files/CVE-2006

PHP new vulnerabilities

2006-10-15 Thread Khaled J. Hussein
hi all

last time i found this when i run portaudit -Fda

Affected package: php5-5.1.6
Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
Reference:

how can i fix this

--
Best regards,
***