Re: validity of php 5.2.1 vulnerability

From: Andrew Pantyukhin <infofarmer@xxxxxxxxxxx>
Date: Sat, 3 May 2008 16:51:14 +0400

On Thu, May 01, 2008 at 10:27:09AM +0200, Gunther Mayer wrote:

Hi there,

Some days ago there was an integer overflow vulnerability posted for php
5.2.1 and earlier

You mean 5.2.5. 5.2.5_1 fixed a different kind of problem. 5.2.6
has just been committed; update your ports tree, please. Yes,
there was a time window between the advisory and the commit, when
you could do nothing but wait (or get the relevant patch from the
PHP project). We're sorry to have kept you waiting.
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

References:
- validity of php 5.2.1 vulnerability
  - From: Gunther Mayer

Prev by Date: Re: Anti-virus software for 7.0
Next by Date: Vulnerability with compromised geli credentials?
Previous by thread: validity of php 5.2.1 vulnerability
Next by thread: Vulnerability with compromised geli credentials?
Index(es):
- Date
- Thread

Relevant Pages

Re: Using transactions in MySQL + PHP
... but with PHP. ... If I only used MySQL i ... So if one of the first 3 queries fail, ... COMMIT will be done, then no data will be saved. ...
(comp.lang.php)
Re: Using transactions in MySQL + PHP
... Their use is not dependent on PHP or any other language. ... They work the same from the MySQL command line, ... So if one of the first 3 queries fail, ... COMMIT will be done, then no data will be saved. ...
(comp.lang.php)
Re: mysql delimiter
... > value from somewhere besides the mysql cli ... > php 5 seems to make it easy. ... i am going to use start transaction and commit. ...
(comp.lang.php)
validity of php 5.2.1 vulnerability
... Some days ago there was an integer overflow vulnerability posted for php 5.2.1 and earlier. ... I immediately upgraded my php to 5.2.1_1 but portaudit still complains that the vulnerability still exists: ... Looking closer at the information given in the above URL the vulnerability specifies that all "php5>0" is affected, which to me means that all php5 versions until all eternity will be marked vulnerable, not only those <= 5.2.1. ...
(FreeBSD-Security)
Re: [PHP] Finally, PDF Header for PDF stuffs that work....
... > have the patience to stare at a blank browser waiting for the file. ... Check the pdf's 'Document properties' and You'll see if the option ... "My PHP key is worn out" ...
(php.general)