tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: PHP version selection

On Wed, Apr 13, 2011 at 03:57:07PM +0200, Edgar Fu? wrote:
 > I'm confused by the PHP version selection mechanism.
 > I thougt the default for PHP_VERSION_DEFAULT was 5, an that meant "some 5.x".

"5" actually means 5.2, because until 5.3 came along it was "5" vs. "4".
IIRC, anyway.

It would probably be a good thing to fix this, but I suspect it's not
a small task.

 > However, building mail/squirrelmail with no preferece set seems to
 > build lang/php5, which is 5.2.17, which is EoL'ed (and vulnerable).
 > Well, currently, it doesn't really matter because lang/php53 (being
 > 5.3.6) is vulnerable, too.

It's safe to just assume php is always vulnerable. :-/

David A. Holland

Home | Main Index | Thread Index | Old Index