[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
RE: php-5.2.14 and security vulnerability
I saw both 5.2.x and 5.3.x packages on nyftp.
So I binary-upgraded my packages with those (5.3).
What is the pkgsrc keyword to enable 5.3 ?
I tried "PKG_PHP_VERSION=53 make clean" but that didn't work.
À: Joel Carnat <joel%carnat.net@localhost>;
De: Cem Kayali <cemkayali%eticaret.com.tr@localhost>
Envoyé: mer. 17-11-2010 01:03
Sujet: Re: php-5.2.14 and security vulnerability
> PHP 5.2.14 Released! [22-Jul-2010]
> This release marks the end of the active support for PHP 5.2. Following
> this release the PHP 5.2 series will receive no further active bug
> maintenance. Security fixes for PHP 5.2 might be published on a case by
> cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
> I suggest you to check security advisories, and if these advisiories are
> for features that you will not enable, it would be no problem to use
> 5.2.14 -- though 5.3 choice is better.
> On 11/16/10 17:55, Joel Carnat wrote:
> > Hello,
> > I was on my way to compile database/php5-ldap.
> > In that process, I encountered the following error:
> > ===> Checking for vulnerabilities in php-5.2.14
> > Package php-5.2.14 has a multiple-vulnerabilities vulnerability, see
> > Package php-5.2.14 has a denial-of-service vulnerability, see
> > Package php-5.2.14 has a sensitive-information-exposure vulnerability,
> > see
> > ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in
> pkg_install.conf(5) if this package is absolutely essential.
> > Do we have a safe (hear not using ALLOW_VULNERABLE_PACKAGES ;) way to
> > enable
> PHP ?
> > I couldn't find any update notification on the CVS tree.
> > Did I miss something ?
> > TIA,
> > Jo
Main Index |
Thread Index |