PHP Vulnerabilities and Suhosin
infofarmer at FreeBSD.org
Sun Oct 8 07:58:54 PDT 2006
On 10/6/06, Alex Dupre <ale at freebsd.org> wrote:
> Andrew Pantyukhin ha scritto:
> > I've noticed we have WITH_SUHOSIN option. It may
> > alleviate some security issues. In particular, suhosin
> > 0.9.6 fixes this latest issue. Can we somehow make
> > this option influence PKGNAME (suffix, prefix, version
> > or revision) so I can mark php+suhosin 0.9.6 safe in
> > VuXML?
> No, because what fixes the problem is the suhosin extension
> (security/php-suhosin) and not the suhosin patch.
I think we should mark suhosin 0.9.5 as vulnerable to
encourage an upgrade (in the same advisory). What do
More information about the freebsd-ports