From owner-cvs-all@FreeBSD.ORG Mon Oct 16 17:15:43 2006 Return-Path: X-Original-To: cvs-all@FreeBSD.ORG Delivered-To: cvs-all@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B0A816A403; Mon, 16 Oct 2006 17:15:43 +0000 (UTC) (envelope-from simon@zaphod.nitro.dk) Received: from mx.nitro.dk (zarniwoop.nitro.dk [83.92.207.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id B23C843D45; Mon, 16 Oct 2006 17:15:42 +0000 (GMT) (envelope-from simon@zaphod.nitro.dk) Received: from zaphod.nitro.dk (unknown [192.168.3.39]) by mx.nitro.dk (Postfix) with ESMTP id CF7C1300496; Mon, 16 Oct 2006 17:15:41 +0000 (UTC) Received: by zaphod.nitro.dk (Postfix, from userid 3000) id 4279C1141D; Mon, 16 Oct 2006 19:15:41 +0200 (CEST) Date: Mon, 16 Oct 2006 19:15:40 +0200 From: "Simon L. Nielsen" To: LI Xin Message-ID: <20061016171540.GB1040@zaphod.nitro.dk> References: <200610160930.k9G9UwJj029252@repoman.freebsd.org> <20061016165426.GA1040@zaphod.nitro.dk> <4533BB70.2090006@delphij.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4533BB70.2090006@delphij.net> User-Agent: Mutt/1.5.11 Cc: cvs-ports@FreeBSD.ORG, cvs-all@FreeBSD.ORG, Alex Dupre , ports-committers@FreeBSD.ORG Subject: Re: cvs commit: ports/lang/php4 Makefile ports/lang/php4/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c patch-php.ini-dist patch-php.ini-recommended ports/lang/php5 Makefile ports/lang/php5/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c ... X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Oct 2006 17:15:43 -0000 On 2006.10.17 01:03:44 +0800, LI Xin wrote: > Simon L. Nielsen wrote: > > On 2006.10.16 09:30:58 +0000, Alex Dupre wrote: > >> ale 2006-10-16 09:30:58 UTC > >> > >> FreeBSD ports repository > >> > >> Modified files: > >> lang/php4 Makefile > >> lang/php5 Makefile > >> Added files: > >> lang/php4/files patch-ext_standard_dir.c > >> patch-main_php_open_temporary_file.c > >> patch-php.ini-dist > >> patch-php.ini-recommended > >> lang/php5/files patch-ext_standard_dir.c > >> patch-main_php_open_temporary_file.c > >> patch-php.ini-dist > >> patch-php.ini-recommended > >> Log: > >> - fix open_basedir vulnerability in php4 and php5 [1] > > > > Do you have a CVE name or a reference for exactly which issue this is? > > That would be http://www.hardened-php.net/advisory_082006.132.html or > CVE-2006-5178. I think we should mark these new versions as safe in vuxml. OK, without any references it's a bit hard to check what these patches really do, but if ale@ says it fixes VuXML ID edabe438-542f-11db-a5ae-00508d6a62df then yes, the VuXML entry should be updated to mark the new php version as safe. -- Simon L. Nielsen