Andrew McGlashan wrote:
> Now, php5-suhosin provides some real protection against programming
> problems that could very easily exist and it is not uncommon to see
> messages from Debian stable installs reporting bugs / vulnerabilities
> detected by suhosin....

The question isn't whether the suhosin patch did good with older PHP versions. The question is whether newer PHP versions benefit as much from it. Because in recent years AIUI many of the features of suhosin were merged into the mainline PHP. And supporting suhosin isn't easy. At least some other distros have also stopped supporting it too.

> Will php5-suhosin be re-instated any time soon? And if not, what
> measures can we take to protect Wheezy servers now?

Here is a good place to read up on the current state of PHP plus suhosin in Debian.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657698

It is a long thread with a lot of references to research. Grab a comfortable chair and a stimulating beverage.

Bob