pecl-zip has been providing zip support for php, and with some version of php (5.2? doesn't matter) it became part of PHP itself and ships with it (ext/zip in the source). This is enabled with USE=zip when building php. Several security issues have been reported against PHP with zip support, so pecl-zip is probably also affected, but it has never seen any fixes (last upstream release is from 2007). We should verify and probably remove pecl-zip.
confirmed this is vulnerable to CVE-2008-5658. If you do not want to maintain unbundled zip module, then please mask and remove.
Masked and will be removed. # Christian Hoffmann <hoffie@gentoo.org> (12 Apr 2009) # Masked for security (bug 265756), unmaintained upstream (last release # two years ago), will be removed in 30 days. Use dev-lang/php with # USE=zip as a replacement, which is actively maintained and has more # features. dev-php5/pecl-zip
(In reply to comment #2) > Masked and will be removed. And was removed.
noglsa? and closing?
Sounds good.