Date: Sun, 22 Jun 2008 19:43:21 +0200
From: "Simon L. Nielsen"
To: Stanislav Sedov
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/security/vuxml vuln.xml
Message-ID: <20080622174320.GA1119@zaphod.nitro.dk>
In-Reply-To: <200806220917.m5M9Hpg2013375@repoman.freebsd.org>
References: <200806220917.m5M9Hpg2013375@repoman.freebsd.org>

On 2008.06.22 09:17:51 +0000, Stanislav Sedov wrote:
> stas 2008-06-22 09:17:51 UTC
>
> FreeBSD ports repository
>
> Modified files:
> security/vuxml vuln.xml
> Log:
> - Document php5-posix directory traversal vulnerability.

This is not really a real/serious vulnerability as "safe_mode" isn't safe at all. At least a note should be added that safe_mode isn't considered safe. See also ports/lang/php5/files/patch-php.ini-recommended .
I think there is a comment from an earlier entry which can be copy/pasted.

All that said, thanks for working on VuXML and helping document issues!

-- 
Simon L. Nielsen
FreeBSD Security Team