Date: Thu, 10 May 2012 00:31:55 -0400 From: Eitan Adler <eadler@freebsd.org> To: Steve Wills <swills@mouf.net> Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, Alex Dupre <ale@freebsd.org>, ports-committers@freebsd.org Subject: Re: cvs commit: ports/lang/php5 Makefile distinfo Message-ID: <CAF6rxgkJX6E7oWaHnpBfSMdCadf=funwEw0Ak%2BVp4iCBxybQ9Q@mail.gmail.com> In-Reply-To: <2519A7A5-93F0-4A92-9A7E-5E2F81D4D4CF@mouf.net> References: <201205090543.q495hW3J002691@repoman.freebsd.org> <E61E8802-586A-4455-BA2C-88B0F4D9C877@mouf.net> <CAF6rxg=hsYnG%2BN2aPyyCsdqXV0UuCiy7PnW19O7jX6-YVSB8_A@mail.gmail.com> <2519A7A5-93F0-4A92-9A7E-5E2F81D4D4CF@mouf.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10 May 2012 00:26, Steve Wills <swills@mouf.net> wrote: > On May 10, 2012, at 12:20 AM, Eitan Adler wrote: > >> On 10 May 2012 00:10, Steve Wills <swills@mouf.net> wrote: >>> Hi, >>> >>> Thanks for making this happen so quickly! Just wondering, should the vuxml entry be updated or perhaps a new one added? >> >> CVE-2012-1823 seems to be documented already with the correct version numbers. >> This commit is missing a Security: tag but other that I don't see >> anything wrong. > > The current VuXML entry says php5 < 5.3.12. Is there really no need to upgrade to 5.3.13 or am I missing something? I'm an idiot - the fix in 5.3.12 was only a partial fix. When originally committed it should have had <le> not <lt>. The existing VuXML should be updated and the body text should explain the specifics. I won't have time to do that tonight :( -- Eitan Adler Source & Ports committer X11, Bugbusting teams
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxgkJX6E7oWaHnpBfSMdCadf=funwEw0Ak%2BVp4iCBxybQ9Q>