Bug 164712 - security/php-suhosin 0.9.33 available with fix for a possible stack buffer overflow
Summary: security/php-suhosin 0.9.33 available with fix for a possible stack buffer ov...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Alex Dupre
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-02-02 17:30 UTC by Hilko Meyer
Modified: 2012-02-03 09:10 UTC (History)

See Also:


Description Hilko Meyer 2012-02-02 17:30:11 UTC
Hi,

suhosin 0.9.33 was recently released. They found a possible security problem which is not in the default configuration.

Advisory:
http://seclists.org/fulldisclosure/2012/Jan/295

Changelog:
http://www.hardened-php.net/suhosin/changelog.html
2012.01.19: Version 0.9.33

Make clear that suhosin is incompatible with mbstring.encoding_translation=On
Stop mbstring extension from replacing POST handlers
Added detection of extensions manipulating POST handlers
Fixed: environment variables for logging do not go through the filter extension anymore
Fixed stack based buffer overflow in transparent cookie encryption (see separate advisory)
Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers
Removed crypt() support - because not used for PHP >= 5.3.0 anyway
Comment 1 Edwin Groothuis freebsd_committer 2012-02-02 17:30:23 UTC
Responsible Changed
From-To: freebsd-ports-bugs->ale

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Alex Dupre freebsd_committer 2012-02-03 09:05:14 UTC
State Changed
From-To: open->closed

Committed, thanks!
Comment 3 dfilter service freebsd_committer 2012-02-03 09:05:14 UTC
ale         2012-02-03 09:04:56 UTC

  FreeBSD ports repository

  Modified files:
    security/php-suhosin Makefile distinfo
  Log:
  Update to 0.9.33 release.
  PHP 4 is not supported.
  PHP 5.2 is not officially supported, but may work.
  
  PR:             ports/164712
  Submitted by:   Hilko Meyer <hilko.meyer@gmx.de>
  
  Revision  Changes    Path
  1.24      +3 -1      ports/security/php-suhosin/Makefile
  1.25      +2 -2      ports/security/php-suhosin/distinfo