Re: About PHP 5.X in FreeBSD port tree

On Tue, Apr 3, 2012 at 2:54 AM, James Chang <james.technew@xxxxxxxxx> wrote:
Dear Sir,

       Thanks for your notice, but there seems no information about
whether the vulnerabilities about CVE-2011-2483, CVE-2011-4153 and
CVE-2011-3389 were fixed in FreeBSD port tree (PHP 5.3.10_1) or not?

Looks like CVE-2011-2483 applies to PHP before 5.3.7:

and CVE-2011-4153 applies to 5.3.8:

and CVE-2011-3389 does not apply to PHP AFAIK:

Since the version in ports is 5.3.10, I think you're safe. I'm sure
someone will correct me if I'm off the mark.

Personally, I use portaudit to keep it all straight:

Additionally, I'm signed up for the digest version of the US-CERT
alerts from here:

Pretty good because it shows right in the second column of the report
what versions are affected.

freebsd-security@xxxxxxxxxxx mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"