From owner-freebsd-security@FreeBSD.ORG  Tue Nov 18 15:55:45 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3BBA31065744;
	Tue, 18 Nov 2008 15:55:45 +0000 (UTC)
	(envelope-from coley@linus.mitre.org)
Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [129.83.20.191])
	by mx1.freebsd.org (Postfix) with ESMTP id D56828FC1D;
	Tue, 18 Nov 2008 15:55:44 +0000 (UTC)
	(envelope-from coley@linus.mitre.org)
Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1])
	by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id mAIF1K2r028407; 
	Tue, 18 Nov 2008 10:01:21 -0500
Received: from linus.mitre.org (linus.mitre.org [129.83.10.1])
	by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id mAIF1KGx028386; 
	Tue, 18 Nov 2008 10:01:20 -0500
Received: from faron.mitre.org (faron.mitre.org [129.83.10.2])
	by linus.mitre.org (8.12.11/8.12.10) with ESMTP id mAIF1KpE026484;
	Tue, 18 Nov 2008 10:01:20 -0500 (EST)
Date: Tue, 18 Nov 2008 10:01:20 -0500 (EST)
From: "Steven M. Christey" <coley@linus.mitre.org>
X-X-Sender: coley@faron.mitre.org
To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
In-Reply-To: <9a6isDG2HABVFiTQKRYgHLbugj0@N7cbPDipnvOyJMD9YzFbYf8QNqE>
Message-ID: <Pine.GSO.4.51.0811180957530.22800@faron.mitre.org>
References: <20081118103433.38D5817115@shadow.codelabs.ru>
	<4922B371.6070002@quis.cx>
	<TqoTo5jliabZzOUld/zrRy5vtzI@+C9avPjAe6kfv7rH+xyHzR2RFw8>
	<4922B6F9.2000408@quis.cx>
	<9a6isDG2HABVFiTQKRYgHLbugj0@N7cbPDipnvOyJMD9YzFbYf8QNqE>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mailman-Approved-At: Tue, 18 Nov 2008 16:05:53 +0000
Cc: Jille Timmermans <jille@quis.cx>, bug-followup@freebsd.org,
	freebsd-security@freebsd.org, mloveless@mitre.org, cve@mitre.org,
	coley@mitre.org
Subject: Re: ports/128956: [patch] [vuxml] multiple vulnerabilities in PHP
 5.2.6
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Nov 2008 15:55:45 -0000


On Tue, 18 Nov 2008, Eygene Ryabinkin wrote:

> Steven, CVE-supporters, good day.
>
> Today I was submitted FreeBSD's VuXML entry for CVE-2008-3659 and it
> seem to be errorneously saying about "PHP 5.6".  Could you please try to
> follow the discuission and say something about the entry's description
> text?

It's pretty clear that the description was a typo.  It doesn't follow our
typical CVE description style of escalating versions when we list version
ranges.  Most likely I introduced this typo in the original description.

I've internally changed it to "5.x through 5.2.6."  This will show up on
the public CVE web site within a day or two.

Thank you for informing us!

- Steve