pkgsrc-Users archive


Re: php-5.2.14 and security vulnerability




Hi,

PHP 5.2.14 Released! [22-Jul-2010]

This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case by case basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.


I suggest you check the security advisories, and if these advisories are for features that you will not enable, it would be no problem to use 5.2.14 -- though choosing 5.3 is better.

Regards,
Cem



On 11/16/10 17:55, Joel Carnat wrote:
Hello,

I was on my way to compile database/php5-ldap.
In that process, I encountered the following error:
  ===>  Checking for vulnerabilities in php-5.2.14
  Package php-5.2.14 has a multiple-vulnerabilities vulnerability, see http://secunia.com/advisories/39675/
  Package php-5.2.14 has a denial-of-service vulnerability, see http://secunia.com/advisories/41724/
  Package php-5.2.14 has a sensitive-information-exposure vulnerability, see http://secunia.com/advisories/42135/
  ERROR: Define ALLOW_VULNERABLE_PACKAGES in mk.conf or IGNORE_URL in pkg_install.conf(5) if this package is absolutely essential.

Do we have a safe (here: not using ALLOW_VULNERABLE_PACKAGES ;) way to enable PHP ?
I couldn't find any update notification on the CVS tree.

Did I miss something ?

TIA,
   Jo
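
Added example, not part of the original thread: one way to act on the suggestion above without setting ALLOW_VULNERABLE_PACKAGES is to record each advisory that has been reviewed and generate IGNORE_URL entries only for those. The triage function and the reviewed-file format are hypothetical, and the IGNORE_URL=<url> line form is assumed from pkg_install.conf(5).

```shell
#!/bin/sh
# Added example (not from the thread). SAMPLE_AUDIT is constructed from the
# check output quoted in the message, with each URL rejoined to its line.
SAMPLE_AUDIT='Package php-5.2.14 has a multiple-vulnerabilities vulnerability, see http://secunia.com/advisories/39675/
Package php-5.2.14 has a denial-of-service vulnerability, see http://secunia.com/advisories/41724/
Package php-5.2.14 has a sensitive-information-exposure vulnerability, see http://secunia.com/advisories/42135/'

# triage MODE REVIEWED_FILE   (audit output on stdin)
#   MODE=pending: print "package<TAB>type<TAB>url" for advisories nobody has
#                 reviewed yet.
#   MODE=ignore : print one IGNORE_URL line per advisory that is both reported
#                 and listed in REVIEWED_FILE.
# REVIEWED_FILE (hypothetical format): one advisory URL per line, optionally
# followed by "# justification".
triage() {
    awk -v mode="$1" -v reviewed="$2" '
    BEGIN {
        while ((getline line < reviewed) > 0) {
            sub(/[ \t]*#.*$/, "", line)      # drop the justification comment
            if (line != "") ok[line] = 1
        }
    }
    function emit(url) {
        if (mode == "ignore" && (url in ok)) print "IGNORE_URL=" url
        if (mode == "pending" && !(url in ok)) print pkg "\t" type "\t" url
        pkg = ""
    }
    $1 == "Package" && $3 == "has" {
        pkg = $2; type = $5
        if ($NF ~ /^https?:\/\//) emit($NF)  # URL on the same line
        next
    }
    # Mail clients and terminals may wrap the URL onto the following line.
    pkg != "" && $1 ~ /^https?:\/\// { emit($1) }
    '
}

# Nothing reviewed yet: all three advisories are reported as pending.
printf '%s\n' "$SAMPLE_AUDIT" | triage pending /dev/null
```

Because ignore mode only emits URLs that are still reported, an entry for an advisory that no longer applies drops out of the generated list instead of lingering.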


