Bug 164712

Summary: security/php-suhosin 0.9.33 available with fix for a possible stack buffer overflow
Product: Ports & Packages Reporter: Hilko Meyer <hilko.meyer>
Component: Individual Port(s)Assignee: Alex Dupre <ale>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Hilko Meyer 2012-02-02 17:30:11 UTC 
Hi,

suhosin 0.9.33 was recently released. They found a possible security problem which is not in the default configuration.

Advisory:
http://seclists.org/fulldisclosure/2012/Jan/295

Changelog:
http://www.hardened-php.net/suhosin/changelog.html
2012.01.19: Version 0.9.33

Make clear that suhosin is incompatible to mbstring.encoding_translation=On
Stop mbstring extension from replacing POST handlers
Added detection of extensions manipulating POST handlers
Fixed environment variables for logging do not go through the filter extension anymore
Fixed stack based buffer overflow in transparent cookie encryption (see separate advisory) 
Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers
Removed crypt() support - because not used for PHP >= 5.3.0 anyway
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2012-02-02 17:30:23 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->ale

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Alex Dupre freebsd_committer freebsd_triage 2012-02-03 09:05:14 UTC 
State Changed
From-To: open->closed

Committed, thanks!
Comment 3 dfilter service freebsd_committer freebsd_triage 2012-02-03 09:05:14 UTC 
ale         2012-02-03 09:04:56 UTC

  FreeBSD ports repository

  Modified files:
    security/php-suhosin Makefile distinfo 
  Log:
  Update to 0.9.33 release.
  PHP 4 is not supported.
  PHP 5.2 is not officially supported, but may work.
  
  PR:             ports/164712
  Submitted by:   Hilko Meyer <hilko.meyer@gmx.de>
  
  Revision  Changes    Path
  1.24      +3 -1      ports/security/php-suhosin/Makefile
  1.25      +2 -2      ports/security/php-suhosin/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"