Subject: Re: [Fwd: mailhost daily insecurity output for Thu May 25 03:00:00 CEST 2006]
To: Gilles Gravier <Gilles@Gravier.org>
From: Geert Hendrickx <ghen@telenet.be>
List: netbsd-users
Date: 05/25/2006 11:29:17
On Thu, May 25, 2006 at 10:53:07AM +0200, Gilles Gravier wrote:
> Hi!
> 
> Running /etc/security.local:
> Package php-4.4.2nb2 has a remote-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990
> Package php-4.4.2nb2 has a denial-of-service vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1991
> Package freetype2-2.1.10nb2 has a remote-code-execution vulnerability, see http://secunia.com/advisories/20100/
> Package cscope-15.5 has a arbitrary-code-execution vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2541
> 
> Any idea when fixes are planned? PHP has been in that state for some 
> time already... .(

PHP 4.4.3 RC1 is planned for 30/05...  

	Geert