From owner-cvs-ports@FreeBSD.ORG  Thu Jan 13 05:44:53 2011
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E524F106564A;
	Thu, 13 Jan 2011 05:44:53 +0000 (UTC) (envelope-from rea@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id D60CF8FC13;
	Thu, 13 Jan 2011 05:44:53 +0000 (UTC)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.4/8.14.4) with ESMTP id p0D5irpU025222;
	Thu, 13 Jan 2011 05:44:53 GMT (envelope-from rea@repoman.freebsd.org)
Received: (from rea@localhost)
	by repoman.freebsd.org (8.14.4/8.14.4/Submit) id p0D5irvx025221;
	Thu, 13 Jan 2011 05:44:53 GMT (envelope-from rea)
Message-Id: <201101130544.p0D5irvx025221@repoman.freebsd.org>
From: Eygene Ryabinkin <rea@FreeBSD.org>
Date: Thu, 13 Jan 2011 05:44:53 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/security/vuxml vuln.xml
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Jan 2011 05:44:54 -0000

rea         2011-01-13 05:44:53 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  Split recent PHP entry into multiple ones
  
  Many reasons:
   - some vulnerabilities were present only in the specific
     PHP modules and not in the core PHP;
   - it is better to group vulnerabilities by-topic (DoS, code
     execution, etc);
   - PHAR vulnerability is present only in 5.3.x;
   - extract() vulnerability was fixed both in 5.2 and 5.3:
     http://www.mail-archive.com/php-cvs@lists.php.net/msg47722.html
   - NULL-byte poisoning was fixed only in 5.3, 5.2.x is still
     vulnerable to this design error;
   - DFS-related fixes are not relevant for FreeBSD, since DFS
     is Windows file system that is unsupported by us.
  
  PR: 153433
  Approved by: remko (secteam), erwin (mentor)
  Feature safe: yes
  
  Revision  Changes    Path
  1.2275    +247 -42   ports/security/vuxml/vuln.xml