php-5.2.14 and security vulnerability

To: pkgsrc-users%netbsd.org@localhost <pkgsrc-users%netbsd.org@localhost>
Subject: php-5.2.14 and security vulnerability
From: Joel Carnat <joel%carnat.net@localhost>
Date: Tue, 16 Nov 2010 16:55:32 +0100

Hello,

I was on my way to compile database/php5-ldap.
In that process, I encountered the following error:
 ===> Checking for vulnerabilities in php-5.2.14
 Package php-5.2.14 has a multiple-vulnerabilities vulnerability, see 
http://secunia.com/advisories/39675/
 Package php-5.2.14 has a denial-of-service vulnerability, see 
http://secunia.com/advisories/41724/
 Package php-5.2.14 has a sensitive-information-exposure vulnerability, see 
http://secunia.com/advisories/42135/
 ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in 
pkg_install.conf(5) if this package is absolutely essential.

Do we have a safe (hear not using ALLOW_VULNERABLE_PACKAGES ;) way to enable 
PHP ?
I couldn't find any update notification on the CVS tree.

Did I miss something ?

TIA,
  Jo

Follow-Ups:
- Re: php-5.2.14 and security vulnerability
  - From: Cem Kayali

Prev by Date: Re: ushyphmax.tex still missing
Next by Date: Re: python3 for NetBSD/pkgsrc
Previous by Thread: python3 for NetBSD/pkgsrc
Next by Thread: Re: php-5.2.14 and security vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index