Portaudit not detecting php 5.3 problem

I just noticed the newest PHP 5.3 portaudit:

Code:
Affected package: php53-5.3.13
Type of problem: php -- potential overflow in _php_stream_scandir.
Reference: http://portaudit.FreeBSD.org/bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89.html

According to FreeBSD portaudit URL:

Code:
Affects:
    php5 >5.4 <5.4.5
    php53 <5.3.15
    php52 <=5.2.17_10

But then on a system that's still running PHP from lang/php5, version 5.3.13:

Code:
# portaudit php5-5.3.13
0 problem(s) found.

On the same machine:

Code:
# portaudit php53-5.3.13
Affected package: php53-5.3.13
Type of problem: php -- potential overflow in _php_stream_scandir.
Reference: http://portaudit.FreeBSD.org/bdab0acd-d4cd-11e1-8a1c-14dae9ebcf89.html

1 problem(s) found.

Is this a bug?

PHP 5.3.13 was not vulnerable until this latest portaudit came out, before that, I'd never see the need to just recompile stuff because PHP changed its origin from lang/php5 to lang/php53. But now I miss important portaudit info.
 
frijsdijk said:
I'd never see the need to just recompile stuff because PHP changed its origin from lang/php5 to lang/php53. But now I miss important portaudit info.
You also missed the previous update for 5.3 to 5.3.14. Current version of lang/php53 is 5.3.15. All the more reason to keep track of these things.
 
SirDice said:
You also missed the previous update for 5.3 to 5.3.14. Current version of lang/php53 is 5.3.15. All the more reason to keep track of these things.

With all respect, but I don't think that's something that customers are waiting for, as long as there is no reason to upgrade (no vulns), and the customer isn't looking for new features, why upgrade? Your answer is predictable as usual, and you're not answering my initial question again. Why answer at all?
 
I have the same problem, running php5 (not php53) with 5.3.13 and waiting for customer's ok to update and now portaudit does not show a problem, because a line like "php5 <5.3.14" is missing. It was safe to keep 5.3.13 from 2012-05-16 (php5-5.4-Update) until 2012-07-18 (php53-5.3.14-Update).
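
Added example, not part of the thread and not portaudit's own matching code: a small checker that applies the "Affects" rules quoted above by package name and reports when an installed package is not flagged under its own name but the same version would be flagged under a sibling name. The function names are hypothetical and the version comparison is a simplified assumption (dotted numbers plus `_portrevision` only).

```python
import operator

# "Affects" list copied from the portaudit entry quoted in the thread.
AFFECTS = [
    ("php5",  [(">", "5.4"), ("<", "5.4.5")]),
    ("php53", [("<", "5.3.15")]),
    ("php52", [("<=", "5.2.17_10")]),
]
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge}

def parse_version(version):
    """Simplified sort key (assumption): dotted integers, then _portrevision."""
    base, _, rev = version.partition("_")
    return tuple(int(part) for part in base.split(".")), int(rev or 0)

def split_pkg(pkg):
    """Split 'php53-5.3.13' into ('php53', '5.3.13')."""
    name, _, version = pkg.rpartition("-")
    return name, version

def is_flagged(pkg, rules=AFFECTS):
    """True when a rule with the same package name matches the version."""
    name, version = split_pkg(pkg)
    key = parse_version(version)
    return any(
        rule_name == name
        and all(OPS[op](key, parse_version(bound)) for op, bound in bounds)
        for rule_name, bounds in rules
    )

def sibling_matches(pkg, rules=AFFECTS):
    """Names under which this version WOULD be flagged although pkg itself is not.

    A non-empty result means the audit result depends on the package name
    alone and deserves a manual look at the advisory.
    """
    name, version = split_pkg(pkg)
    if is_flagged(pkg, rules):
        return []
    return [n for n, _ in rules
            if n != name and is_flagged(f"{n}-{version}", rules)]

if __name__ == "__main__":
    # Package names taken from the thread; php5-5.3.13 is the old-origin install.
    for pkg in ("php5-5.3.13", "php53-5.3.13", "php5-5.4.4", "php53-5.3.15"):
        print(pkg, "flagged" if is_flagged(pkg) else "not flagged",
              "| would match as:", sibling_matches(pkg) or "-")
```

A non-empty `sibling_matches` result is only a prompt to read the advisory by hand; it cannot tell whether the differently named package is actually the same code.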
 