Date: Mon, 16 Oct 2006 19:15:40 +0200 From: "Simon L. Nielsen" <simon@FreeBSD.org> To: LI Xin <delphij@delphij.net> Cc: cvs-ports@FreeBSD.ORG, cvs-all@FreeBSD.ORG, Alex Dupre <ale@FreeBSD.ORG>, ports-committers@FreeBSD.ORG Subject: Re: cvs commit: ports/lang/php4 Makefile ports/lang/php4/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c patch-php.ini-dist patch-php.ini-recommended ports/lang/php5 Makefile ports/lang/php5/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c ... Message-ID: <20061016171540.GB1040@zaphod.nitro.dk> In-Reply-To: <4533BB70.2090006@delphij.net> References: <200610160930.k9G9UwJj029252@repoman.freebsd.org> <20061016165426.GA1040@zaphod.nitro.dk> <4533BB70.2090006@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2006.10.17 01:03:44 +0800, LI Xin wrote: > Simon L. Nielsen wrote: > > On 2006.10.16 09:30:58 +0000, Alex Dupre wrote: > >> ale 2006-10-16 09:30:58 UTC > >> > >> FreeBSD ports repository > >> > >> Modified files: > >> lang/php4 Makefile > >> lang/php5 Makefile > >> Added files: > >> lang/php4/files patch-ext_standard_dir.c > >> patch-main_php_open_temporary_file.c > >> patch-php.ini-dist > >> patch-php.ini-recommended > >> lang/php5/files patch-ext_standard_dir.c > >> patch-main_php_open_temporary_file.c > >> patch-php.ini-dist > >> patch-php.ini-recommended > >> Log: > >> - fix open_basedir vulnerability in php4 and php5 [1] > > > > Do you have a CVE name or a reference for exactly which issue this is? > > That would be http://www.hardened-php.net/advisory_082006.132.html or > CVE-2006-5178. I think we should mark these new versions as safe in vuxml. OK, without any references it's a bit hard to check what these patches really do, but if ale@ says it fixes VuXML ID edabe438-542f-11db-a5ae-00508d6a62df then yes, the VuXML entry should be updated to mark the new php version as safe. -- Simon L. Nielsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061016171540.GB1040>