Hi,

suhosin 0.9.33 was recently released. They found a possible security problem which is not in the default configuration.

Advisory: http://seclists.org/fulldisclosure/2012/Jan/295
Changelog: http://www.hardened-php.net/suhosin/changelog.html

2012.01.19: Version 0.9.33
- Make clear that suhosin is incompatible to mbstring.encoding_translation=On
- Stop mbstring extension from replacing POST handlers
- Added detection of extensions manipulating POST handlers
- Fixed environment variables for logging do not go through the filter extension anymore
- Fixed stack based buffer overflow in transparent cookie encryption (see separate advisory)
- Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers
- Removed crypt() support - because not used for PHP >= 5.3.0 anyway

Responsible Changed
From-To: freebsd-ports-bugs->ale
Over to maintainer (via the GNATS Auto Assign Tool)

State Changed
From-To: open->closed
Committed, thanks!

ale 2012-02-03 09:04:56 UTC

FreeBSD ports repository

Modified files:
  security/php-suhosin Makefile distinfo
Log:
  Update to 0.9.33 release.
  PHP 4 is not supported.
  PHP 5.2 is not officially supported, but may work.

  PR: ports/164712
  Submitted by: Hilko Meyer <hilko.meyer@gmx.de>

Revision  Changes  Path
1.24      +3 -1    ports/security/php-suhosin/Makefile
1.25      +2 -2    ports/security/php-suhosin/distinfo