php4 vulnerabilities

Matthias Buelow mkb at
Thu Jun 9 14:01:22 GMT 2005

Hi folks,

I have various php4 ports installed, an up-to-date portaudit auditfile,
and it doesn't warn me about the following issues in php4 <4.3.11:
CVE-ID: CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043.

Don't these problems apply to the 4.3.10 as bundled in ports, or is the
auditfile just lagging? These are fairly serious issues, including a
remote buffer overflow with code injection. I only stumbled upon them
because I read about them being included in an update bundle for MacOS
X, on mainstream media (is there something like a
ports-security-notifications mailing list? Since the
security-notifications list apparently only sends notifications about
the base system.)


P.S.: Please Cc: me if possible, since I'm not subscribed to the list.

More information about the freebsd-ports mailing list