pkgsrc-Changes archive
CVS commit: [pkgsrc-2011Q4] pkgsrc/security/php-suhosin
Module Name: pkgsrc
Committed By: sbd
Date: Sat Jan 21 09:02:46 UTC 2012
Modified Files:
pkgsrc/security/php-suhosin [pkgsrc-2011Q4]: Makefile distinfo
Log Message:
Pullup ticket #3658 - requested by taca
security/php-suhosin security fix
Revisions pulled up:
- security/php-suhosin/Makefile 1.5
- security/php-suhosin/distinfo 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Fri Jan 20 03:23:34 UTC 2012
Modified Files:
pkgsrc/security/php-suhosin: Makefile distinfo
Log Message:
Update php-suhosin package to 0.9.33 to fix security problem.
SektionEins GmbH
www.sektioneins.de
-= Security Advisory =-
Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack Buffer Overflow
Release Date: 2012/01/19
Last Modified: 2012/01/19
Author: Stefan Esser [stefan.esser[at]sektioneins.de]
Application: Suhosin Extension <= 0.9.32.1
Severity: A possible stack buffer overflow in Suhosin extension's
          transparent cookie encryption that can only be triggered
          in an uncommon and weakened Suhosin configuration can lead
          to arbitrary remote code execution, if the FORTIFY_SOURCE
          compile option was not used when Suhosin was compiled.
Risk: Medium
Vendor Status: Suhosin Extension 0.9.33 was released which fixes this vulnerability
Reference: http://www.suhosin.org/
           https://github.com/stefanesser/suhosin
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.4.2.1 pkgsrc/security/php-suhosin/Makefile
cvs rdiff -u -r1.3 -r1.3.10.1 pkgsrc/security/php-suhosin/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.