php4 vulnerabilities

Matthias Buelow mkb at incubus.de
Thu Jun 9 14:01:22 GMT 2005


Hi folks,

I have various php4 ports installed, an up-to-date portaudit auditfile,
and it doesn't warn me about the following issues in php4 <4.3.11:
CVE-ID: CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043.

Don't these problems apply to 4.3.10 as bundled in ports, or is the
auditfile just lagging? These are fairly serious issues, including a
remote buffer overflow with code injection. I only stumbled upon them
because I read about them being included in an update bundle for MacOS
X, on mainstream media (is there something like a
ports-security-notifications mailing list? Since the
security-notifications list apparently only sends notifications about
the base system.)

mkb.

P.S.: Please Cc: me if possible, since I'm not subscribed to the list.



More information about the freebsd-ports mailing list