[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: php-5.2.14 and security vulnerability
PHP 5.2.14 Released! [22-Jul-2010]
This release marks the end of the active support for PHP 5.2. Following
this release the PHP 5.2 series will receive no further active bug
maintenance. Security fixes for PHP 5.2 might be published on a case by
cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
I suggest you to check security advisories, and if these advisiories are
for features that you will not enable, it would be no problem to use
5.2.14 -- though 5.3 choice is better.
On 11/16/10 17:55, Joel Carnat wrote:
I was on my way to compile database/php5-ldap.
In that process, I encountered the following error:
===> Checking for vulnerabilities in php-5.2.14
Package php-5.2.14 has a multiple-vulnerabilities vulnerability, see
Package php-5.2.14 has a denial-of-service vulnerability, see
Package php-5.2.14 has a sensitive-information-exposure vulnerability, see
ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in
pkg_install.conf(5) if this package is absolutely essential.
Do we have a safe (hear not using ALLOW_VULNERABLE_PACKAGES ;) way to enable
I couldn't find any update notification on the CVS tree.
Did I miss something ?
Main Index |
Thread Index |