Re: php-5.2.14 and security vulnerability

To: Joel Carnat <joel%carnat.net@localhost>
Subject: Re: php-5.2.14 and security vulnerability
From: Cem Kayali <cemkayali%eticaret.com.tr@localhost>
Date: Wed, 17 Nov 2010 01:09:33 +0200


Hi,

PHP 5.2.14 Released! [22-Jul-2010]

This release marks the end of the active support for PHP 5.2. Followingthis release the PHP 5.2 series will receive no further active bugmaintenance. Security fixes for PHP 5.2 might be published on a case bycases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.

I suggest you to check security advisories, and if these advisiories arefor features that you will not enable, it would be no problem to use5.2.14 -- though 5.3 choice is better.


Regards,
Cem



On 11/16/10 17:55, Joel Carnat wrote:

Hello,

I was on my way to compile database/php5-ldap.
In that process, I encountered the following error:
  ===>  Checking for vulnerabilities in php-5.2.14
  Package php-5.2.14 has a multiple-vulnerabilities vulnerability, see 
http://secunia.com/advisories/39675/
  Package php-5.2.14 has a denial-of-service vulnerability, see 
http://secunia.com/advisories/41724/
  Package php-5.2.14 has a sensitive-information-exposure vulnerability, see 
http://secunia.com/advisories/42135/
  ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in 
pkg_install.conf(5) if this package is absolutely essential.

Do we have a safe (hear not using ALLOW_VULNERABLE_PACKAGES ;) way to enable 
PHP ?
I couldn't find any update notification on the CVS tree.

Did I miss something ?

TIA,
   Jo

Follow-Ups:
- RE: php-5.2.14 and security vulnerability
  - From: Joel Carnat

References:
- php-5.2.14 and security vulnerability
  - From: Joel Carnat

Prev by Date: Re: python3 for NetBSD/pkgsrc
Next by Date: Small package updates
Previous by Thread: php-5.2.14 and security vulnerability
Next by Thread: RE: php-5.2.14 and security vulnerability
Indexes:

Home | Main Index | Thread Index | Old Index