From owner-freebsd-security@FreeBSD.ORG Tue Nov 18 12:29:12 2008 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 42752106564A; Tue, 18 Nov 2008 12:29:12 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id E3D778FC16; Tue, 18 Nov 2008 12:29:11 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To:Sender; b=kiVxNgsS34CByBX2F7ED0W00Abh42g39P18U/TgeMNQJxCj0SDbdhqvF3YooJK2YydMHyDnNNYBjGt+m+5tv+J5woOUIYrw4ddz77Vl0H1kAFkBXyTqkUZm1r2gw0v2TxLtEhAvP7ayiyDCNNmSqdG4QOABU/ve++XrmtUgSmgY=; Received: from void.codelabs.ru (void.codelabs.ru [144.206.177.25]) by 0.mx.codelabs.ru with esmtpsa (TLSv1:AES256-SHA:256) id 1L2Phd-0008xG-CJ; Tue, 18 Nov 2008 15:29:09 +0300 Date: Tue, 18 Nov 2008 15:29:08 +0300 From: Eygene Ryabinkin To: Jille Timmermans Message-ID: References: <20081118103433.38D5817115@shadow.codelabs.ru> <4922B371.6070002@quis.cx> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="J5MfuwkIyy7RmF4Q" Content-Disposition: inline In-Reply-To: <4922B371.6070002@quis.cx> Sender: rea-fbsd@codelabs.ru Cc: freebsd-security@freebsd.org, bug-followup@freebsd.org Subject: Re: ports/128956: [patch] [vuxml] multiple vulnerabilities in PHP 5.2.6 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Nov 2008 12:29:12 -0000 --J5MfuwkIyy7RmF4Q Content-Type: text/plain; charset=koi8-r Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Jille, good day. Tue, Nov 18, 2008 at 01:22:09PM +0100, Jille Timmermans wrote: > I think there is a typo in the vuxml descriptions: > "PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6" > (PHP 5.6 doesn't exist (yet)) Yes: it was written in that way at the CVE entry. I had spotted this, but was not sure how to handle this. Perhaps VuXML entry should really say "PHP 5.2 through 5.2.6" to avoid reader's confusion. Thanks for spotting this! --=20 Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual =20 )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook=20 {_.-``-' {_/ # --J5MfuwkIyy7RmF4Q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) iEYEARECAAYFAkkitRQACgkQthUKNsbL7YgwgwCeMZynRWEuKNm1tJG2SLfqKfqr Ld8An3bQ4SXfBGxvX/Q7HRQd+5wNf3os =cIPL -----END PGP SIGNATURE----- --J5MfuwkIyy7RmF4Q--