On 2022/07/02 14:33, stolen data wrote: > All versions of PHP 8.0 below 8.0.20 are vulnerable to > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31626 which was > patched in PHP 8.0.20 on Jun 9, three weeks ago. OpenBSD 7.0 repo still > offers remotely exploitable PHP 8.0.17.
This is as expected. Commits to the OpenBSD 7.0 ports repo stopped when 7.1 was released. Your choices are: - update to a version of OpenBSD which still has package updates (either the most recent release, at the moment 7.1, or -current). - backport it yourself. - pay someone else to backport it (e.g. M:Tier have an LTS packages offering).
