Subject: php-5.1.4nb1 vulnerability : fix planned?
To: None <netbsd-users@NetBSD.org>
From: Gilles Gravier <Gilles@Gravier.org>
List: netbsd-users
Date: 07/18/2006 17:44:01
This is a cryptographically signed message in MIME format.

--------------ms090009030707080403080901
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hi!

This has been reported on my system for some time :

Running /etc/security.local:
Package php-5.1.4nb1 has a security-bypass vulnerability, see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3011


Any schedule for a fix/update?

Gilles.



--------------ms090009030707080403080901
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature

MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIJeTCC
AxcwggKAoAMCAQICAw9CWjANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UE
ChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNv
bmFsIEZyZWVtYWlsIElzc3VpbmcgQ0EwHhcNMDUwODA1MjI1NzM4WhcNMDYwODA1MjI1NzM4
WjBfMRAwDgYDVQQEEwdHcmF2aWVyMQ8wDQYDVQQqEwZHaWxsZXMxFzAVBgNVBAMTDkdpbGxl
cyBHcmF2aWVyMSEwHwYJKoZIhvcNAQkBFhJnaWxsZXNAZ3Jhdmllci5vcmcwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC199MMtghWzKIuhBXAWnzNNefa/UJHgdS7GYtMt2Yz
1KPvEP1P5IIg/X1SH6nHQIDBQkN9DKAJ6DIPRkckbrg7HyuTus6w+FgyGEjb7Jd1NKAPU04P
agz3kVU7sf/NoqIeVjNP2f3R6zXvtWFHE6VGzH6JmSx8XNRSoFMoXGI5wG6K8IWqZhiUdyNQ
lKavpdj6QE0YngxNq49tzlsXb/yOZtTA5IfNi2bFwMJfXEICDpkF1zzXnsSLq+FnZgCQW0Xp
0B2aaoZY0cxcYESTubpK89/aPvWIqKsAjYhfBrRYc2k4+eip3UDGeav6DdDKCROLs28RnI0E
jHO7ZM/hzVwXAgMBAAGjWjBYMCkGBStlAQQBBCAwHgIBADAZMBcCAQQEEmM4dkRHN0xGenBH
Y0t1UjJKUTAdBgNVHREEFjAUgRJnaWxsZXNAZ3Jhdmllci5vcmcwDAYDVR0TAQH/BAIwADAN
BgkqhkiG9w0BAQQFAAOBgQA/cRlhXQiI9xAU0Rm/pVbm3icXgL5XXvfcbA2V5Z2uKqRDcgtw
eNHs6kAlYP+qBZkCnvCu1ECdMQETJB3iP9czDQajkJhJBVmAD1ka14OeQyvLM8PiYk2vJ9q5
8VjYuWNGiHHydL0CHfxPXJZTY0koIJfdhvCzsxwfRsZ8pllOnDCCAxcwggKAoAMCAQICAw9C
WjANBgkqhkiG9w0BAQQFADBiMQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1
bHRpbmcgKFB0eSkgTHRkLjEsMCoGA1UEAxMjVGhhd3RlIFBlcnNvbmFsIEZyZWVtYWlsIElz
c3VpbmcgQ0EwHhcNMDUwODA1MjI1NzM4WhcNMDYwODA1MjI1NzM4WjBfMRAwDgYDVQQEEwdH
cmF2aWVyMQ8wDQYDVQQqEwZHaWxsZXMxFzAVBgNVBAMTDkdpbGxlcyBHcmF2aWVyMSEwHwYJ
KoZIhvcNAQkBFhJnaWxsZXNAZ3Jhdmllci5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQC199MMtghWzKIuhBXAWnzNNefa/UJHgdS7GYtMt2Yz1KPvEP1P5IIg/X1SH6nH
QIDBQkN9DKAJ6DIPRkckbrg7HyuTus6w+FgyGEjb7Jd1NKAPU04Pagz3kVU7sf/NoqIeVjNP
2f3R6zXvtWFHE6VGzH6JmSx8XNRSoFMoXGI5wG6K8IWqZhiUdyNQlKavpdj6QE0YngxNq49t
zlsXb/yOZtTA5IfNi2bFwMJfXEICDpkF1zzXnsSLq+FnZgCQW0Xp0B2aaoZY0cxcYESTubpK
89/aPvWIqKsAjYhfBrRYc2k4+eip3UDGeav6DdDKCROLs28RnI0EjHO7ZM/hzVwXAgMBAAGj
WjBYMCkGBStlAQQBBCAwHgIBADAZMBcCAQQEEmM4dkRHN0xGenBHY0t1UjJKUTAdBgNVHREE
FjAUgRJnaWxsZXNAZ3Jhdmllci5vcmcwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQFAAOB
gQA/cRlhXQiI9xAU0Rm/pVbm3icXgL5XXvfcbA2V5Z2uKqRDcgtweNHs6kAlYP+qBZkCnvCu
1ECdMQETJB3iP9czDQajkJhJBVmAD1ka14OeQyvLM8PiYk2vJ9q58VjYuWNGiHHydL0CHfxP
XJZTY0koIJfdhvCzsxwfRsZ8pllOnDCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAw
gdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUg
VG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRp
b24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFp
bCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0w
MzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxU
aGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwg
RnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV
+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfAr
hVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/
p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8
MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWls
Q0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxh
YmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/
TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amc
OY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggM7MIID
NwIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5
KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQID
D0JaMAkGBSsOAwIaBQCgggGnMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN
AQkFMQ8XDTA2MDcxODE1NDQwMVowIwYJKoZIhvcNAQkEMRYEFPjRUGo+xS2YaWpNJnetuDTZ
sYMjMFIGCSqGSIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqG
SIb3DQMCAgFAMAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMHgGCSsGAQQBgjcQBDFrMGkwYjEL
MAkGA1UEBhMCWkExJTAjBgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAq
BgNVBAMTI1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBAgMPQlowegYLKoZI
hvcNAQkQAgsxa6BpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGlu
ZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWlu
ZyBDQQIDD0JaMA0GCSqGSIb3DQEBAQUABIIBADBrSMgTZNwSLimJSml5LRgQpDLLrEUEjm3l
it27aBXr4KOZJIQ1kt6OvfIJbBbXhcqWAKHBBQWGP44f2Pd8B4LoweOFLhED9Z+xcGSXFeX1
/Bq+ufe50URNKC8/a6zGhTdlxD8YTovY2QSnmxRGYxC1LTdLainj/3cre8R6LOJkbLirJGG+
FC9m3F2aNB8Zl24K1FUJ9D20kW74pULFnI6kNBMoaCR/hL9iQ+fwc72McHj1M2SDe9+AH6dT
4TwQKckVQ0oO7J1o4Y0e8KX2HptnByc3ZLiPguXPF0FQyO8fGhovlFUKs4WL5rRctLeVQKos
mQunLh1eTs8NELqK+YkAAAAAAAA=
--------------ms090009030707080403080901--