Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id F251363B9DD
	for ; Sat, 21 Jan 2012 09:02:50 +0000 (UTC)
Received: by mail.netbsd.org (Postfix, from userid 605)
	id C4C6414A1E5; Sat, 21 Jan 2012 09:02:50 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id EE71214A1E1
	for ; Sat, 21 Jan 2012 09:02:47 +0000 (UTC)
X-Virus-Scanned: amavisd-new at NetBSD.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.NetBSD.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id 7VXRzvwM2nKY
	for ; Sat, 21 Jan 2012 09:02:47 +0000 (UTC)
Received: from cvs.netbsd.org (cvs.NetBSD.org [IPv6:2001:4f8:3:7:2e0:81ff:fe30:95bd])
	by mail.netbsd.org (Postfix) with ESMTP id 22F3F14A1DF
	for ; Sat, 21 Jan 2012 09:02:47 +0000 (UTC)
Received: by cvs.netbsd.org (Postfix, from userid 500)
	id E787B175DD; Sat, 21 Jan 2012 09:02:46 +0000 (UTC)
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"
Date: Sat, 21 Jan 2012 09:02:46 +0000
From: "Steven Drake"
Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/security/php-suhosin
To: pkgsrc-changes@NetBSD.org
Reply-To: sbd@netbsd.org
X-Mailer: log_accum
Message-Id: <20120121090246.E787B175DD@cvs.netbsd.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

Module Name:	pkgsrc
Committed By:	sbd
Date:		Sat Jan 21 09:02:46 UTC 2012

Modified Files:
	pkgsrc/security/php-suhosin [pkgsrc-2011Q4]: Makefile distinfo

Log Message:
Pullup ticket #3658 - requested by taca
security/php-suhosin security fix

Revisions pulled up:
- security/php-suhosin/Makefile		1.5
- security/php-suhosin/distinfo		1.4

---
Module Name:	pkgsrc
Committed By:	taca
Date:		Fri Jan 20 03:23:34 UTC 2012

Modified Files:
	pkgsrc/security/php-suhosin: Makefile distinfo

Log Message:
Update php-suhosin package to 0.9.33 to fix security problem.

SektionEins GmbH
www.sektioneins.de

-= Security Advisory =-

Advisory:      Suhosin PHP Extension Transparent Cookie Encryption Stack
               Buffer Overflow
Release Date:  2012/01/19
Last Modified: 2012/01/19
Author:        Stefan Esser [stefan.esser[at]sektioneins.de]

Application:   Suhosin Extension <= 0.9.32.1
Severity:      A possible stack buffer overflow in Suhosin extension's
               transparent cookie encryption that can only be triggered
               in an uncommon and weakened Suhosin configuration can lead
               to arbitrary remote code execution, if the FORTIFY_SOURCE
               compile option was not used when Suhosin was compiled.
Risk:          Medium
Vendor Status: Suhosin Extension 0.9.33 was released which fixes this
               vulnerability
Reference:     http://www.suhosin.org/
               https://github.com/stefanesser/suhosin


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.4.2.1 pkgsrc/security/php-suhosin/Makefile
cvs rdiff -u -r1.3 -r1.3.10.1 pkgsrc/security/php-suhosin/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.