suhosin 0.9.33 was recently released. They found a possible security problem which is not in the default configuration.
2012.01.19: Version 0.9.33
Make clear that suhosin is incompatible to mbstring.encoding_translation=On
Stop mbstring extension from replacing POST handlers
Added detection of extensions manipulating POST handlers
Fixed environment variables for logging do not go through the filter extension anymore
Fixed stack based buffer overflow in transparent cookie encryption (see separate advisory)
Fixed that disabling HTTP response splitting protection also disabled NUL byte protection in HTTP headers
Removed crypt() support - because not used for PHP >= 5.3.0 anyway
Over to maintainer (via the GNATS Auto Assign Tool)
ale 2012-02-03 09:04:56 UTC
FreeBSD ports repository
security/php-suhosin Makefile distinfo
Update to 0.9.33 release.
PHP 4 is not supported.
PHP 5.2 is not officially supported, but may work.
Submitted by: Hilko Meyer <firstname.lastname@example.org>
Revision Changes Path
1.24 +3 -1 ports/security/php-suhosin/Makefile
1.25 +2 -2 ports/security/php-suhosin/distinfo
email@example.com mailing list
To unsubscribe, send any mail to "firstname.lastname@example.org"