Bug 160013

Summary: lang/php5 (5.3.7) should be marked insecure (crypt flaw)
Product: Ports & Packages
Reporter: Jeremy Chadwick <freebsd>
Component: Individual Port(s)
Assignee: Alex Dupre <ale>
Status: Closed FIXED
Severity: Affects Only Me
CC: security-officer
Priority: Normal
Version: Latest
Hardware: Any
OS: Any

Description Jeremy Chadwick 2011-08-23 01:40:06 UTC
	https://bugs.php.net/bug.php?id=55439
	https://threatpost.com/en_us/blogs/serious-crypto-bug-found-php-537-082211
	http://developers.slashdot.org/story/11/08/22/2332217/Serious-Crypto-Bug-Found-In-PHP-537

	The bug has since been fixed, but the PHP developers are recommending folks
	wait until 5.3.8 is released.  So, 5.3.7 in ports should probably be marked
	unusable/insecure until then.

	I'm not sure who maintains security/vuxml updates (group effort?).

Fix:
	There may be a patch available somewhere, but I'm inclined to recommend
	folks wait until 5.3.8.

How-To-Repeat: n/a
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-08-23 01:40:16 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ale

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Alex Dupre freebsd_committer freebsd_triage 2011-08-23 08:33:12 UTC
State Changed
From-To: open->closed

Already patched.