Date:      Thu, 5 Oct 2006 08:56:07 +0300
From:      Vasil Dimov <vd@FreeBSD.org>
To:        Andrew Pantyukhin <sat@FreeBSD.org>
Cc:        cvs-ports@freebsd.org, cvs-all@freebsd.org, "Simon L. Nielsen" <simon@freebsd.org>, ports-committers@freebsd.org
Subject:   Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID:  <20061005055607.GB81754@qlovarnika.bg.datamax>
In-Reply-To: <cb5206420610042247h3bcb6454v7f9e50f2123e0879@mail.gmail.com>
References:  <200610041710.k94HAkxJ011471@repoman.freebsd.org> <20061004185417.GC1008@zaphod.nitro.dk> <cb5206420610042247h3bcb6454v7f9e50f2123e0879@mail.gmail.com>

On Thu, Oct 05, 2006 at 09:47:40AM +0400, Andrew Pantyukhin wrote:
> On 10/4/06, Simon L. Nielsen <simon@freebsd.org> wrote:
> >On 2006.10.04 17:10:46 +0000, Andrew Pantyukhin wrote:
> >> sat         2006-10-04 17:10:46 UTC
> >>
> >>   FreeBSD ports repository
> >>
> >>   Modified files:
> >>     security/vuxml       vuln.xml
> >>   Log:
> >>   - Document NULL byte injection vulnerability in phpbb
> >>
> >>   Revision  Changes    Path
> >>   1.1167    +40 -1     ports/security/vuxml/vuln.xml
> >[...]
> >> |  <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">;
> >> | +  <vuln vid=3D"86526ba4-53c8-11db-8f1a-000a48049292">
> >> | +    <topic>phpbb -- NULL byte injection vulnerability</topic>
> >> | +    <affects>
> >> | +      <package>
> >> | +   <name>phpbb</name>
> >> | +   <name>zh-phpbb-tw</name>
> >> | +   <range><lt>2.0.22</lt></range>
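Review bot: the `<range><lt>2.0.22</lt></range>` line marks every phpbb and zh-phpbb-tw version below 2.0.22 as affected and, by implication, treats 2.0.22 as fixed, but nothing in the visible entry cites a release that contains the fix. Unless a reference confirms the fixed version, an open-ended range such as `<range><gt>0</gt></range>` keeps the entry from reporting a future release as safe; the upper bound can be added once the fix is confirmed.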
> >
> >Where did you find info about this being fixed in 2.0.22?  I couldn't
> >find it when checking the references and the phpbb web site.
>
> It seems I've been violating an extrapolation of your prior advice
> to use >0 when there's no fix. My rationale is to look at an advisory,
> its credibility and publicity, look at the affected project and its
> history of fixing such advisories and draw a conclusion.
>

Do I correctly understand that you assumed that the issue will be fixed
in 2.0.22 which is not yet released?

This sounds totally bogus to me.
_Do not assume anything!_

-- 
Vasil Dimov
gro.DSBeerF@dv
%
Heavier than air flying machines are impossible.
                -- Lord Kelvin, President, Royal Society, c. 1895
