Date: Thu, 13 Jan 2011 05:44:53 +0000 (UTC) From: Eygene Ryabinkin <rea@FreeBSD.org> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: ports/security/vuxml vuln.xml Message-ID: <201101130544.p0D5irvx025221@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rea 2011-01-13 05:44:53 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: Split recent PHP entry into multiple ones Many reasons: - some vulnerabilities were present only in the specific PHP modules and not in the core PHP; - it is better to group vulnerabilities by-topic (DoS, code execution, etc); - PHAR vulnerability is present only in 5.3.x; - extract() vulnerability was fixed both in 5.2 and 5.3: http://www.mail-archive.com/php-cvs@lists.php.net/msg47722.html - NULL-byte poisoning was fixed only in 5.3, 5.2.x is still vulnerable to this design error; - DFS-related fixes are not relevant for FreeBSD, since DFS is Windows file system that is unsupported by us. PR: 153433 Approved by: remko (secteam), erwin (mentor) Feature safe: yes Revision Changes Path 1.2275 +247 -42 ports/security/vuxml/vuln.xml
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201101130544.p0D5irvx025221>