From owner-freebsd-ports-bugs@FreeBSD.ORG  Fri Jan 16 05:50:05 2009
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 292B810656DF
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Fri, 16 Jan 2009 05:50:05 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 058B18FC3A
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Fri, 16 Jan 2009 05:50:05 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n0G5o4Ar054800
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Fri, 16 Jan 2009 05:50:04 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n0G5o4iC054799;
	Fri, 16 Jan 2009 05:50:04 GMT (envelope-from gnats)
Resent-Date: Fri, 16 Jan 2009 05:50:04 GMT
Resent-Message-Id: <200901160550.n0G5o4iC054799@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Mark Foster <mark@foster.cc>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5A79F1065676
	for <freebsd-gnats-submit@FreeBSD.org>;
	Fri, 16 Jan 2009 05:48:44 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 493B68FC26
	for <freebsd-gnats-submit@FreeBSD.org>;
	Fri, 16 Jan 2009 05:48:44 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.3/8.14.3) with ESMTP id n0G5min1025493
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 16 Jan 2009 05:48:44 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.3/8.14.3/Submit) id n0G5miV0025492;
	Fri, 16 Jan 2009 05:48:44 GMT (envelope-from nobody)
Message-Id: <200901160548.n0G5miV0025492@www.freebsd.org>
Date: Fri, 16 Jan 2009 05:48:44 GMT
From: Mark Foster <mark@foster.cc>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: ports/130603: vuxml submission for php[45]-mbstring
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Jan 2009 05:50:06 -0000


>Number:         130603
>Category:       ports
>Synopsis:       vuxml submission for php[45]-mbstring
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 16 05:50:04 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mark Foster
>Release:        7.1
>Organization:
Credentia
>Environment:
FreeBSD frau.foster.cc 7.1-RELEASE-p1 FreeBSD 7.1-RELEASE-p1 #4: Sat Jan 10 20:04:30 PST 2009     root@frau.foster.cc:/usr/obj/usr/src/sys/GENERIC  i386

>Description:

>How-To-Repeat:

>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="69005cc4-9e60-4f0c-ad48-536a604127e3">
     <topic>php-mbstring -- PHP mbstring Extension Buffer Overflow Vulnerability</topic>
     <affects>
       <package>
         <name>php5-mbstring</name>
         <range><le>5.2.6</le></range>
       </package>
       <package>
         <name>php4-mbstring</name>
         <range><ge>4.3.0</ge></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>SecurityFocus reports:</p>
         <blockquote cite="http://www.securityfocus.com/bid/32948">
           <p>PHP is prone to a buffer-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. The issue affects the mbstring extension included in the standard distribution.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver denying service to legitimate users.

PHP 4.3.0 up to and including 5.2.6 are vulnerable. </p>
         </blockquote>
       </body>
     </description>
     <references>
      <bid>32948</bid>
      <url>http://www.securityfocus.com/bid/32948</url>
      <cvename>CVE-2008-5557</cvename>
     </references>
     <dates>
       <discovery>2008-12-21</discovery>
       <entry>2009-01-15</entry>
     </dates>
   </vuln>



>Release-Note:
>Audit-Trail:
>Unformatted: