From owner-freebsd-questions@FreeBSD.ORG Sat Dec 26 07:45:41 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C2D151065693 for ; Sat, 26 Dec 2009 07:45:41 +0000 (UTC) (envelope-from nlandys@gmail.com) Received: from qw-out-2122.google.com (qw-out-2122.google.com [74.125.92.26]) by mx1.freebsd.org (Postfix) with ESMTP id 7E1658FC1F for ; Sat, 26 Dec 2009 07:45:41 +0000 (UTC) Received: by qw-out-2122.google.com with SMTP id 9so1954574qwb.7 for ; Fri, 25 Dec 2009 23:45:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type; bh=fZdxDF7rh0eutu1+28XvsTcGfOEUP9FEaFHf44JsCf4=; b=a7qcPVtyemyJlfiAId/tBjGmCTjT/XzBvMNoTa5bq65v7f+X3blpC3fTLkLXNmXiBK PQJ1uL1bHyqjKnRN3M79I75DrW7Nz1xiMH419/l3ZN2v39G9wOk9Rowloqzvzhh5X3gE i26dPZQl4YFMRl5jXlP8m3PGUfhbM/o+HcJ3A= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=GmlvgnWyVOmpZMgYYIVyhnuhn6gfwgXZJGhhJgFgffO3c/CkDjOKzUj6sG7NJ9XvLi YuGVGWwzd4q9OscmFg2q7GaiYa7KeWR0XbmmztoycVUYYoI69BO91b/HqmSyA8guqvQR b5+if0qUSMym6NJnxQ7OLZx+xd1FBRrTEHB9Y= MIME-Version: 1.0 Received: by 10.229.10.229 with SMTP id q37mr5824453qcq.106.1261813539772; Fri, 25 Dec 2009 23:45:39 -0800 (PST) In-Reply-To: <9fa4f0760912252118q3397f90fr8891873eab0447d5@mail.gmail.com> References: <9fa4f0760912252118q3397f90fr8891873eab0447d5@mail.gmail.com> Date: Fri, 25 Dec 2009 23:45:39 -0800 Message-ID: <560f92640912252345g64038989y3fba4043ef5ffba6@mail.gmail.com> From: Nerius Landys To: Aleksandr Miroslav Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-questions@freebsd.org Subject: Re: portaudit php vulnerabilities X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Dec 2009 07:45:41 -0000 > For the past week or so, portaudit has been warning me that the > installed version of php on my system (php5-5.2.11_1) has known > vulnerabilties. Fair enough. However, I've not seen a fix in the ports > tree since then. Is my only option to deinstall php until this gets > fixed? Hi. I've been experiencing the same problem. Apparently 5.2.12 is not in the ports yet, but probably will be soon. If found it necessary to do some port-related commands even though 5.2.11 is currently blacklisted by portaudit. You can use DISABLE_VULNERABILITIES in your commands as outlined here until there is an updated port: http://www.ivorde.ro/FreeBSD_force_port_installation_upgrade_even_though_portaudit_reports_vulnerability_for_it-64.html