Date: Thu, 5 Oct 2006 08:56:07 +0300
From: Vasil Dimov
To: Andrew Pantyukhin
Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, "Simon L. Nielsen", ports-committers@freebsd.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml

On Thu, Oct 05, 2006 at 09:47:40AM +0400, Andrew Pantyukhin wrote:
> On 10/4/06, Simon L. Nielsen wrote:
> >On 2006.10.04 17:10:46 +0000, Andrew Pantyukhin wrote:
> >> sat 2006-10-04 17:10:46 UTC
> >>
> >> FreeBSD ports repository
> >>
> >> Modified files:
> >> security/vuxml vuln.xml
> >> Log:
> >> - Document NULL byte injection vulnerability in phpbb
> >>
> >> Revision Changes Path
> >> 1.1167 +40 -1 ports/security/vuxml/vuln.xml
> >[...]
> >> |
> >> | +
> >> | + phpbb -- NULL byte injection vulnerability
> >> | +
> >> | +
> >> | + phpbb
> >> | + zh-phpbb-tw
> >> | + 2.0.22
> >
> >Where did you find info about this being fixed in 2.0.22? I couldn't
> >find it when checking the references and the phpbb web site.
>
> It seems I've been violating an extrapolation of your prior advice
> to use >0 when there's no fix. My rationale is to look at an advisory,
> its credibility and publicity, look at the affected project and its
> history of fixing such advisories and draw a conclusion.
>

Do I correctly understand that you assumed that the issue will be fixed
in 2.0.22 which is not yet released?

This sounds totally bogus to me. _Do not assume anything!_

--
Vasil Dimov
gro.DSBeerF@dv
%
Heavier than air flying machines are impossible.
-- Lord Kelvin, President, Royal Society, c. 1895
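
Review bot: the 2.0.22 version bound listed under the phpbb and zh-phpbb-tw packages in the quoted vuln.xml hunk has no supporting reference in the visible lines. Either cite the source that names 2.0.22 as the fixed release, or, if no fixed release exists yet, use the >0 range mentioned in the reply.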