On 2022/07/02 14:33, stolen data wrote:
> All versions of PHP 8.0 below 8.0.20 are vulnerable to
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 which was
> patched in PHP 8.0.20 on Jun 9, three weeks ago. OpenBSD 7.0 repo still
> offers remotely exploitable PHP 8.0.17.
This is as expected.
Commits to the OpenBSD 7.0 ports repo stopped when 7.1 was released.
Your choices are:
- update to a version of OpenBSD which still has package updates
(either the most recent release, at the moment 7.1, or -current).
- backport it yourself.
- pay someone else to backport it (e.g. M:Tier have an LTS packages
offering).
No comments:
Post a Comment