Date: Thu, 5 Oct 2006 08:56:07 +0300
From: Vasil Dimov <vd@FreeBSD.org>
To: Andrew Pantyukhin <sat@FreeBSD.org>
Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, "Simon L. Nielsen" <simon@freebsd.org>, ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID: <20061005055607.GB81754@qlovarnika.bg.datamax>
In-Reply-To: <cb5206420610042247h3bcb6454v7f9e50f2123e0879@mail.gmail.com>
References: <200610041710.k94HAkxJ011471@repoman.freebsd.org> <20061004185417.GC1008@zaphod.nitro.dk> <cb5206420610042247h3bcb6454v7f9e50f2123e0879@mail.gmail.com>

On Thu, Oct 05, 2006 at 09:47:40AM +0400, Andrew Pantyukhin wrote:
> On 10/4/06, Simon L. Nielsen <simon@freebsd.org> wrote:
> >On 2006.10.04 17:10:46 +0000, Andrew Pantyukhin wrote:
> >> sat 2006-10-04 17:10:46 UTC
> >>
> >> FreeBSD ports repository
> >>
> >> Modified files:
> >> security/vuxml vuln.xml
> >> Log:
> >> - Document NULL byte injection vulnerability in phpbb
> >>
> >> Revision Changes Path
> >> 1.1167 +40 -1 ports/security/vuxml/vuln.xml
> >[...]
> >> | <vuxml xmlns=3D"http://www.vuxml.org/apps/vuxml-1">
> >> | + <vuln vid=3D"86526ba4-53c8-11db-8f1a-000a48049292">
> >> | + <topic>phpbb -- NULL byte injection vulnerability</topic>
> >> | + <affects>
> >> | + <package>
> >> | + <name>phpbb</name>
> >> | + <name>zh-phpbb-tw</name>
> >> | + <range><lt>2.0.22</lt></range>
> >
> >Where did you find info about this being fixed in 2.0.22? I couldn't
> >find it when checking the references and the phpbb web site.
>
> It seems I've been violating an extrapolation of your prior advice
> to use >0 when there's no fix. My rationale is to look at an advisory,
> its credibility and publicity, look at the affected project and its
> history of fixing such advisories and draw a conclusion.
>

Do I correctly understand that you assumed that the issue will be fixed
in 2.0.22 which is not yet released? This sounds totally bogus to me.

_Do not assume anything!_

-- 
Vasil Dimov
gro.DSBeerF@dv
%
Heavier than air flying machines are impossible.
  -- Lord Kelvin, President, Royal Society, c. 1895
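
Review bot: the `<range><lt>2.0.22</lt></range>` line in the new phpbb entry names 2.0.22 as the first unaffected version, yet nothing in the visible lines records where that fix version comes from. If no fixed release can be cited, mark all versions as affected with `<range><gt>0</gt></range>` and tighten the range once a release carrying the fix is confirmed. The same range applies to both `phpbb` and `zh-phpbb-tw`, so an unconfirmed upper bound would cause both packages to be reported as safe from that version on.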