PHP new vulnerabilities

Paul Schmehl pauls at utdallas.edu
Sun Oct 15 11:07:21 PDT 2006


--On October 15, 2006 7:49:55 PM +0200 Thomas <freebsdlists at bsdunix.ch> 
wrote:
>
> Maybe the bug was not in your vuxml when you compiled php5-5.1.6_1. You
> can use:
> make -DDISABLE_VULNERABILITIES install clean
> It will ignore the vuxml entry.
>
No offense, but anybody who *deliberately* installs a vulnerable version 
of php in *today's* world is an absolute fool.  Some of us are *stuck* 
with the vulnerable version, because we installed before the vulnerability 
was found.  We can't go back because previous versions are *also* 
vulnerable.

But *deliberately* installing it when you *know* it's vulnerable - and one 
of the most attacked applications on the internet?  Foolhardy doesn't 
quite grasp the insanity of that.

Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

