From: Peter Pentchev (firstname.lastname@example.org)
- Next message: Tobias Roth: "Re: PHP 4.1.1 security bug"
- Previous message: Gregory Sutter: "Re: Changing Passwords through the web"
- In reply to: Michael Sharp: "Re: cvsup"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Feb 2002 12:47:29 +0200 From: Peter Pentchev <email@example.com> To: Michael Sharp <firstname.lastname@example.org>
On Wed, Feb 27, 2002 at 06:18:02PM -0500, Michael Sharp wrote:
> On Wednesday 27 February 2002 06:03 pm, you wrote:
> > This is actually more of a -ports question...
> > On Wed, Feb 27, 2002 at 05:51:50PM -0500, Michael Sharp wrote:
> > > I ran cvsup on ports 20 minutes ago and noticed that new Makefiles were
> > > pulled down for mod_php3 and mod_php4. I then ran portsdb -U to update
> > > the INDEX file, but portversion shows that the new Makefiles didnt change
> > > the version number.
> > >
> > > So my question is this... was this the fix for the PHP issue, and all I
> > > need to do new is cd to the mod_php4 directory and run 'make deinstall
> > > distclean', then do a 'make install' in mod_php4 to rebuild with the new
> > > changes?
> > I committed an update earlier marking the ports as FORBIDDEN due to
> > the security issue until the maintainer update the ports. The
> > maintainer updated the ports to the non-vulnerable versions about
> > 1/2 hour ago. Chances are you only received the FORBIDDEN update
> > and may have to way up to another 1/2 hour until the newer changes
> > have propagated.
> > To check, see if the ports are marked with a FORBIDDEN line. You may
> > also use cvsweb:
> > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/mod_php3/
> > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/mod_php4/
> > to see if the Makefile in your ports tree matches the newest version
> > in the repository.
> God forbide, I sent to the wrong list. ppl are more concerned about a posting
> to a list than putting out something via announcements, ports, errata, smoke
> signals or something. I'll figure it out myself
Erm, you did notice, did you not, that Chris actually replied to your
question with a nice explanation of the FORBIDDEN tag and the updated
As for the advisories, I expect one would go out shortly - drafting
and issuing a security advisory is not too simple, it is definitely
not just a matter of sitting down for five minutes and spewing out
a couple of pages of text..
-- Peter Pentchev email@example.com roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553 This sentence would be seven words long if it were six words shorter.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- application/pgp-signature attachment: stored