From owner-cvs-ports@FreeBSD.ORG  Mon Oct 16 17:04:27 2006
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
X-Original-To: cvs-ports@FreeBSD.ORG
Delivered-To: cvs-ports@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D146816A40F;
	Mon, 16 Oct 2006 17:04:27 +0000 (UTC)
	(envelope-from delphij@delphij.net)
Received: from tarsier.geekcn.org (tarsier.geekcn.org [210.51.165.229])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 191E843D49;
	Mon, 16 Oct 2006 17:04:15 +0000 (GMT)
	(envelope-from delphij@delphij.net)
Received: from localhost (tarsier.geekcn.org [210.51.165.229])
	by tarsier.geekcn.org (Postfix) with ESMTP id 09515EB10E9;
	Tue, 17 Oct 2006 01:04:13 +0800 (CST)
X-Virus-Scanned: amavisd-new at geekcn.org
Received: from tarsier.geekcn.org ([210.51.165.229])
	by localhost (mail.geekcn.org [210.51.165.229]) (amavisd-new,
	port 10024)
	with ESMTP id cHi2w6V5ifpG; Tue, 17 Oct 2006 01:04:10 +0800 (CST)
Received: from [192.168.1.32] (unknown [61.51.105.235])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by tarsier.geekcn.org (Postfix) with ESMTP id 6A36EEB0997;
	Tue, 17 Oct 2006 01:04:09 +0800 (CST)
DomainKey-Signature: a=rsa-sha1; s=default; d=delphij.net; c=nofws; q=dns;
	h=message-id:date:from:organization:user-agent:mime-version:to:cc:
	subject:references:in-reply-to:x-enigmail-version:content-type;
	b=H9VpasiEc4HTNf0G8mShZxDXl0/b49KdZIuzFfaNHp4n5On4J3V3HNL30o931Dijl
	Zxks49aeQT/flZZ66/JCg==
Message-ID: <4533BB70.2090006@delphij.net>
Date: Tue, 17 Oct 2006 01:03:44 +0800
From: LI Xin <delphij@delphij.net>
Organization: The FreeBSD Project
User-Agent: Thunderbird 1.5.0.7 (Macintosh/20060909)
MIME-Version: 1.0
To: "Simon L. Nielsen" <simon@FreeBSD.ORG>
References: <200610160930.k9G9UwJj029252@repoman.freebsd.org>
	<20061016165426.GA1040@zaphod.nitro.dk>
In-Reply-To: <20061016165426.GA1040@zaphod.nitro.dk>
X-Enigmail-Version: 0.94.1.0
Content-Type: multipart/signed; micalg=pgp-ripemd160;
	protocol="application/pgp-signature";
	boundary="------------enig112FEE594C459D8A8F0E9E2B"
Cc: cvs-ports@FreeBSD.ORG, cvs-all@FreeBSD.ORG, Alex Dupre <ale@FreeBSD.ORG>,
	ports-committers@FreeBSD.ORG
Subject: Re: cvs commit: ports/lang/php4 Makefile ports/lang/php4/files
 patch-ext_standard_dir.c
 patch-main_php_open_temporary_file.c patch-php.ini-dist
 patch-php.ini-recommended
 ports/lang/php5 Makefile ports/lang/php5/files patch-ext_standard_dir.c
 patch-main_php_open_temporary_file.c ...
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2006 17:04:27 -0000

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig112FEE594C459D8A8F0E9E2B
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Simon L. Nielsen wrote:
> On 2006.10.16 09:30:58 +0000, Alex Dupre wrote:
>> ale         2006-10-16 09:30:58 UTC
>>
>>   FreeBSD ports repository
>>
>>   Modified files:
>>     lang/php4            Makefile=20
>>     lang/php5            Makefile=20
>>   Added files:
>>     lang/php4/files      patch-ext_standard_dir.c=20
>>                          patch-main_php_open_temporary_file.c=20
>>                          patch-php.ini-dist=20
>>                          patch-php.ini-recommended=20
>>     lang/php5/files      patch-ext_standard_dir.c=20
>>                          patch-main_php_open_temporary_file.c=20
>>                          patch-php.ini-dist=20
>>                          patch-php.ini-recommended=20
>>   Log:
>>   - fix open_basedir vulnerability in php4 and php5 [1]
>=20
> Do you have a CVE name or a reference for exactly which issue this is?

That would be http://www.hardened-php.net/advisory_082006.132.html or
CVE-2006-5178.  I think we should mark these new versions as safe in vuxm=
l.

Cheers,
--=20
Xin LI <delphij@delphij.net>	http://www.delphij.net/
FreeBSD - The Power to Serve!


--------------enig112FEE594C459D8A8F0E9E2B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFM7twOfuToMruuMARA5OvAJwJTOD1soaJoe3xjfy9yMJ7YVnP1ACePE8C
B9+iAgxLBccJKI01NTEPUgM=
=1ANU
-----END PGP SIGNATURE-----

--------------enig112FEE594C459D8A8F0E9E2B--