PHP new vulnarabilities

Paul Schmehl pauls at
Sun Oct 15 11:07:21 PDT 2006

--On October 15, 2006 7:49:55 PM +0200 Thomas <freebsdlists at> 
> Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You
> can use:
> make -DDISABLE_VULNERABILITIES install clean
> It will ignore the vuxml entry.
No offense, but anybody who *deliberately* installs a vulnerable version 
of php in *today's* world, is an absolute fool.  Some of us are *stuck* 
with the vulnerable version, because we installed before the vulnerability 
was found.  We can't go back because previous versions are *also* 

But *deliberately* installing it when you *know* it's vulnerable - and one 
of the most attacked applications on the internet?  Foolhardy doesn't 
quite grasp the insanity of that.

Paul Schmehl (pauls at
Adjunct Information Security Officer
The University of Texas at Dallas

More information about the freebsd-questions mailing list