cvs commit: ports/lang/php4 Makefile ports/lang/php4/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c patch-php.ini-dist patch-php.ini-recommended ports/lang/php5 Makefile ports/lang/php5/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c ...

[Simon L. Nielsen]

On 2006.10.16 09:30:58 +0000, Alex Dupre wrote:
> ale         2006-10-16 09:30:58 UTC
> 
>   FreeBSD ports repository
> 
>   Modified files:
>     lang/php4            Makefile 
>     lang/php5            Makefile 
>   Added files:
>     lang/php4/files      patch-ext_standard_dir.c 
>                          patch-main_php_open_temporary_file.c 
>                          patch-php.ini-dist 
>                          patch-php.ini-recommended 
>     lang/php5/files      patch-ext_standard_dir.c 
>                          patch-main_php_open_temporary_file.c 
>                          patch-php.ini-dist 
>                          patch-php.ini-recommended 
>   Log:
>   - fix open_basedir vulnerability in php4 and php5 [1]

Do you have a CVE name or a reference for exactly which issue this is?

>   - add an alert on safe_mode intrinsic insecurity and
>     suggest to install the suhosin extension
>   - enable the suhosin patch by deafult also in php4

<secteam hat>Thanks!</>

-- 
Simon L. Nielsen