Re: About PHP 5.X in FreeBSD port tree



On Tue, Apr 3, 2012 at 2:54 AM, James Chang <james.technew@xxxxxxxxx> wrote:
> Dear Sir,
>
> Thanks for your notice, but there seems no information about
> whether the vulnerabilities about CVE-2011-2483, CVE-2011-4153 and
> CVE-2011-3389 were fixed in FreeBSD port tree (PHP 5.3.10_1) or not?

Looks like CVE-2011-2483 applies to PHP before 5.3.7:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483

and CVE-2011-4153 applies to 5.3.8:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4153

and CVE-2011-3389 does not apply to PHP AFAIK:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

Since the version in ports is 5.3.10, I think you're safe. I'm sure
someone will correct me if I'm off the mark.

Personally, I use portaudit to keep it all straight:
http://www.freebsd.org/cgi/url.cgi?ports/ports-mgmt/portaudit/pkg-descr

Additionally, I'm signed up for the digest version of the US-CERT
alerts from here:
http://www.us-cert.gov/cas/signup.html

Pretty good because it shows right in the second column of the report
what versions are affected.

Cheers!
Rob
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"