From owner-freebsd-questions@FreeBSD.ORG Sat Dec 26 11:48:10 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 57EFE1065670 for ; Sat, 26 Dec 2009 11:48:10 +0000 (UTC) (envelope-from gesbbb@yahoo.com) Received: from smtp101.prem.mail.ac4.yahoo.com (smtp101.prem.mail.ac4.yahoo.com [76.13.13.40]) by mx1.freebsd.org (Postfix) with SMTP id F02808FC08 for ; Sat, 26 Dec 2009 11:48:09 +0000 (UTC) Received: (qmail 51739 invoked from network); 26 Dec 2009 11:48:09 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Received:Date:From:To:Subject:Message-ID:In-Reply-To:References:Reply-To:Organization:X-Mailer:Face:Mime-Version:Content-Type:Content-Transfer-Encoding; b=b6ynlTmuIVjDSSUfa/UpumKIE8WtvXOPv2pUS5EvfBDuFGD4En4bEri48/32APkZdtCpaE/sGlvdUWE0KknTJi2bzQ5oMq7+8oADuDWCmE34eLC75OVqXiiq3MqZSpl3W8wWXsQ0WSGmElxteXxBnSbnq+0q5riPc2ExEKLKabg= ; Received: from c-67-189-183-172.hsd1.ny.comcast.net (gesbbb@67.189.183.172 with login) by smtp101.prem.mail.ac4.yahoo.com with SMTP; 26 Dec 2009 03:48:09 -0800 PST X-Yahoo-SMTP: yeAAMgKswBATCul4lSbCWspvTA-- X-YMail-OSG: m2q4t94VM1n.b4CrNYdh3TQq0Ogvzwha3b4XaoI.wVMQ6ppcOpjDq53aPyfTFBQKfYwCXlyB8LxjXrOI_rE6Jy6WJfV_ir6knFvO3gMcryMT4Nzu90V9Qa1yDx.7x3YuKFcGFWOJnjsWen0bWW7PURbXYiOEh0pdWyvLgaeyrQL2WSxCkwetvheyQ1hmIS6IGdq2PSD9J1l0nenSkhggvo2bZfXNWKWjq4uWKv2x9EDNwUf71iGmD384nr7F2TQm6TJzoxLwQ0tpMMmB5adHpwYSz034ltXvpbZU0V.jHG97r06kAh8oCdgZpw-- X-Yahoo-Newman-Property: ymail-3 Received: from scorpio.seibercom.net (scorpio.seibercom.net [192.168.1.101]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: gesbbb@scorpio.seibercom.net) by scorpio.seibercom.net (Postfix) with ESMTPSA id CC52D22886 for ; Sat, 26 Dec 2009 06:48:08 -0500 (EST) Date: Sat, 26 Dec 2009 06:48:08 -0500 From: Jerry To: freebsd-questions@freebsd.org Message-ID: <20091226064808.2dfecb06@scorpio.seibercom.net> In-Reply-To: <560f92640912252345g64038989y3fba4043ef5ffba6@mail.gmail.com> References: <9fa4f0760912252118q3397f90fr8891873eab0447d5@mail.gmail.com> <560f92640912252345g64038989y3fba4043ef5ffba6@mail.gmail.com> Organization: seibercom.net X-Mailer: Claws Mail 3.7.3 (GTK+ 2.18.5; i386-portbld-freebsd7.2) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAGFBMVEX+/v7++v6YOTrq8PCcuIX989UvOSj++v0BNCbpAAAAB3RJTUUHsQwfFzs7RBhzUQAAAhJJREFUOI1dU8GOqzAMNKIoV1bvwD1i0ysqrHplIdBrVSX7ATSbd03VVvn9tQNtQy0hjAdn7LED4AAcPtWm9RV+MPSfxhBLx9ajd6X/ngB6/mTwnRSZua7i7Ca+0ctZKo4Qmz+JY13X6I3nFZBxIYW1PbgfQ5RP8g0XlltEWGf3cV03joYpRnFbvYDKbXjZlXyyhEZA4lI+cN3NaVXE4VKjSwTExO10eTEkkJVqIAD5z0nUBQJluQDRSQjcrBiHAJxZlAH5CUMBMC7OcJ4LMQNnxhZ1HYPscMc6J4UlWRMNwzOpCcAHKSICd1EDn83abdREIbXsHkD1OinP1aCUCOEVRaa1lMcvywUWdYgk13JQUpYNKmvXQ8Kw5ML9YI5h8SakctBc7E/IYuLhYd/zZIk+1gM1vNweQBvHE0j+oYah3sMqAytQYlZk6+ANaaawJdu3OFzYGMZ3iGpa3qMlq9ZH0VZTgrCtw/ngdYkEIIpSbP1bWQAdFdX9vocBdkH2qVjVmuMu3gI5rjs814EUdrCZgWlPaxZZ3RiLFUtr+ud0PXwp2dnQSNXgePt6AZpBj6UMJ7VQkzN4utVeaSW1Dhn/kblGrKeMvNGnzwX4zuEDarYz1KdPtR60Gul0Gued+515SJXhCsl+Tx/3kY/UDvicPll9mfu50t3tvQ/thZpJYgeuwdSKNJ6tCD98MCgoxLDaPxbwqqwPWaWiAAAAAElFTkSuQmCC X-Face: "\j?x](l|]4p?-1Bf@!wN<&p=$.}^k-HgL}cJKbQZ3r#Ar]\%U(#6}'?<3s7%(%(gxJxxcR Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: portaudit php vulnerabilities X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Dec 2009 11:48:10 -0000 On Fri, 25 Dec 2009 23:45:39 -0800 Nerius Landys replied: >> For the past week or so, portaudit has been warning me that the >> installed version of php on my system (php5-5.2.11_1) has known >> vulnerabilties. Fair enough. However, I've not seen a fix in the >> ports tree since then. Is my only option to deinstall php until this >> gets fixed? > >Hi. I've been experiencing the same problem. Apparently 5.2.12 is >not in the ports yet, but probably will be soon. > >If found it necessary to do some port-related commands even though >5.2.11 is currently blacklisted by portaudit. You can use >DISABLE_VULNERABILITIES in your commands as outlined here until there >is an updated port: Same problem here. I was going to update to FreeBSD-8 this weekend; however, I thought better of it. As sure as death and taxes, I know that as soon as I install FBSD-8 with PHP the new version of PHP will become available. I'll install it and something will break. I'll just wait until this problem is resolved. -- Jerry gesbbb@yahoo.com |::::======= |::::======= |=========== |=========== | Genuine happiness is when a wife sees a double chin on her husband's old girl friend.