PHP52 vulnerability

Andrea Venturoli ml at
Thu Mar 3 20:09:20 UTC 2011


As you probably know, it looks like php52 is vulnerable:

Affected package: php52-5.2.17
Type of problem: php -- NULL byte poisoning.

Is there any news on the horizon?
Will a new version be released and/or the port updated?
Any possible patch?

Don't get me wrong, I'm not sentimentally tied to this version of php.
Rather, the problem is the fun the dev team must have experienced going 
a long way into deprecation of tons of things, which, by the way, breaks 
almost any non trivial application I know of (a couple of examples being 
KnowledgeTree and Horde).
On some box I tried the switch and had to go back immediately.

  bye & Thanks

More information about the freebsd-ports mailing list