Date: Thu, 13 Jan 2011 05:44:53 +0000 (UTC) From: Eygene Ryabinkin <rea@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/security/vuxml vuln.xml Message-ID: <201101130544.p0D5irvx025221@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rea 2011-01-13 05:44:53 UTC
FreeBSD ports repository
Modified files:
security/vuxml vuln.xml
Log:
Split recent PHP entry into multiple ones
Many reasons:
- some vulnerabilities were present only in the specific
PHP modules and not in the core PHP;
- it is better to group vulnerabilities by-topic (DoS, code
execution, etc);
- PHAR vulnerability is present only in 5.3.x;
- extract() vulnerability was fixed both in 5.2 and 5.3:
http://www.mail-archive.com/php-cvs@lists.php.net/msg47722.html
- NULL-byte poisoning was fixed only in 5.3, 5.2.x is still
vulnerable to this design error;
- DFS-related fixes are not relevant for FreeBSD, since DFS
is Windows file system that is unsupported by us.
PR: 153433
Approved by: remko (secteam), erwin (mentor)
Feature safe: yes
Revision Changes Path
1.2275 +247 -42 ports/security/vuxml/vuln.xml
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201101130544.p0D5irvx025221>