hi all
last time i found this when i run portaudit -Fda
Affected package: php5-5.1.6
Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
Reference:
http://www.FreeBSD.org/ports/portaudit/e329550b-54f7-11db-a5ae-00508d6a62df.html
how can i fix this
--
Best regards,
Hi Khaled,
Affected package: php5-5.1.6
Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
http://www.FreeBSD.org/ports/portaudit/e329550b-54f7-11db-a5ae-00508d6a62df.html
how can i fix this
Compile php from source after applying
On Sun, 15 Oct 2006 14:31:25 +0200
Khaled J. Hussein [EMAIL PROTECTED] wrote:
hi all
last time i found this when i run portaudit -Fda
Affected package: php5-5.1.6
Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
Reference:
On Sunday 15 October 2006 08:12, Joerg Pernfuss wrote:
On Sun, 15 Oct 2006 14:31:25 +0200
Khaled J. Hussein [EMAIL PROTECTED] wrote:
hi all
last time i found this when i run portaudit -Fda
Affected package: php5-5.1.6
Type of problem: php -- _ecalloc Integer Overflow Vulnerability.
Hi Jonathan
Jonathan Horne schrieb:
On Sunday 15 October 2006 08:12, Joerg Pernfuss wrote:
On Sun, 15 Oct 2006 14:31:25 +0200
Khaled J. Hussein [EMAIL PROTECTED] wrote:
hi all
last time i found this when i run portaudit -Fda
Affected package: php5-5.1.6
Type of problem: php -- _ecalloc
--On October 15, 2006 12:39:11 PM -0500 Jonathan Horne [EMAIL PROTECTED]
wrote:
ive been scratching my head on this one for a few days too. i have a
box at home, that is running 6.2-PRERELEASE. when i try to install the
lang/php5 port, i get:
[EMAIL PROTECTED] /usr/ports/lang/php5]# make
--On October 15, 2006 7:49:55 PM +0200 Thomas [EMAIL PROTECTED]
wrote:
Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You
can use:
make -DDISABLE_VULNERABILITIES install clean
It will ignore the vuxml entry.
No offense, but anybody who *deliberately* installs a vulnerable
Paul Schmehl [EMAIL PROTECTED] wrote:
--On October 15, 2006 7:49:55 PM +0200 Thomas [EMAIL PROTECTED]
wrote:
Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You
can use:
make -DDISABLE_VULNERABILITIES install clean
It will ignore the vuxml entry.
No offense,
On Sun, 15 Oct 2006 13:07:15 -0500
Paul Schmehl [EMAIL PROTECTED] wrote:
--On October 15, 2006 7:49:55 PM +0200 Thomas
[EMAIL PROTECTED]
wrote:
Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1.
You can use:
make -DDISABLE_VULNERABILITIES install clean
It will
--On October 15, 2006 2:50:34 PM -0400 Bill Moran
[EMAIL PROTECTED] wrote:
Have you looked at the vulnerability? There are only certian coding
instances that would actually open this up to any attack vector. Since
the bug is in unserialize, it's pretty easy audit a program to ensure
that it
Paul Schmehl wrote:
--On October 15, 2006 7:49:55 PM +0200 Thomas [EMAIL PROTECTED]
wrote:
Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You
can use:
make -DDISABLE_VULNERABILITIES install clean
It will ignore the vuxml entry.
No offense, but anybody who *deliberately*
--On October 15, 2006 4:31:48 PM -0400 DAve [EMAIL PROTECTED]
wrote:
That is a bit extreme. I have a full workload, I put in about 60 hours a
week (I work a lot of weekends, I'm working now). I have servers running
all different version of apps. I can't go around upgrading everything at
the
Paul Schmehl schrieb:
--On October 15, 2006 4:31:48 PM -0400 DAve [EMAIL PROTECTED]
wrote:
That is a bit extreme. I have a full workload, I put in about 60 hours a
week (I work a lot of weekends, I'm working now). I have servers running
all different version of apps. I can't go around
so the question is, when will the php port be upgraded? it's been days
already but i still keep on seeing the vulnerability message even if you say
that it isn't that critical.
___
freebsd-questions@freebsd.org mailing list
jan gestre [EMAIL PROTECTED] wrote:
so the question is, when will the php port be upgraded? it's been days
already but i still keep on seeing the vulnerability message even if you say
that it isn't that critical.
1) The suhosin patchset apparently plugs the hole. Unfortunately,
portaudit
15 matches
Mail list logo