I fixed the php3 port (3.0.18) in -current, 3.0-stable and 2.9-stable
branches. I'll see about fixing the 3.0-stable branch (4.0.6) and *maybe*
2.9-stable. I'll leave the upgrading of the the php4 port in -current up
to avsm@.
// Brad
brad@comstyle.com
brad@openbsd.org
>Date: Wed, 27 Feb 2002 14:07:51 -0500
>From: Andrew Pinski <pinskia@physics.uc.edu>
>To: Jedi/Sector One <j@pureftpd.org>
>Cc: misc@openbsd.org
>Subject: Re: Is OpenBSD vulnerable to the POST PHP hole?
>
>Been fixed in the cvs, this morning.
>Update the port system.
>It also been fixed in the cvs for 2.9's port system.
>
>
>Thanks,
>Andrew Pinski
>
>On Wednesday, February 27, 2002, at 01:52 , Jedi/Sector One wrote:
>
>> Several remotely exploitable vulnerabilities have been discovered in
>> PHP
>> < 4.1.2 :
>>
>> http://security.e-matters.de/advisories/012002.html
>>
>> May someone confirm whether the PHP4 port of OpenBSD-3.0 is
>> vulnerable to
>> this?
>>
>> --
>> __ /*- Frank DENIS (Jedi/Sector One)
>> <j@42-Networks.Com> -*\ __
>> \ '/ <a href="http://www.PureFTPd.Org/";> Secure FTP Server
>> </a> \' /
>> \/ <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software
>> </a> \/
|