Subject: CVS commit: [pkgsrc-2011Q4] pkgsrc/security/php-suhosin
From: Steven Drake
Date: 2012-01-21 10:02:46
Message id: 20120121090246.E787B175DD@cvs.netbsd.org

Log Message:
Pullup ticket #3658 - requested by taca
security/php-suhosin security fix

Revisions pulled up:
- security/php-suhosin/Makefile                                 1.5
- security/php-suhosin/distinfo                                 1.4

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Fri Jan 20 03:23:34 UTC 2012

   Modified Files:
   	pkgsrc/security/php-suhosin: Makefile distinfo

   Log Message:
   Update php-suhosin package to 0.9.33 to fix security problem.

                            SektionEins GmbH
                           www.sektioneins.de

                        -= Security  Advisory =-

        Advisory: Suhosin PHP Extension Transparent Cookie Encryption Stack
                  Buffer Overflow
    Release Date: 2012/01/19
   Last Modified: 2012/01/19
          Author: Stefan Esser [stefan.esser[at]sektioneins.de]

     Application: Suhosin Extension <= 0.9.32.1
        Severity: A possible stack buffer overflow in Suhosin extension's
                  transparent cookie encryption that can only be triggered
                  in an uncommon and weakened Suhosin configuration can lead
                  to arbitrary remote code execution, if the FORTIFY_SOURCE
                  compile option was not used when Suhosin was compiled.
            Risk: Medium
   Vendor Status: Suhosin Extension 0.9.33 was released which fixes this
                  vulnerability
       Reference: http://www.suhosin.org/
                  https://github.com/stefanesser/suhosin

Files:
Revision    Action    File
1.4.2.1     modify    pkgsrc/security/php-suhosin/Makefile
1.3.10.1    modify    pkgsrc/security/php-suhosin/distinfo