From owner-freebsd-security@FreeBSD.ORG  Tue Nov 18 19:51:06 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CC76E106564A;
	Tue, 18 Nov 2008 19:51:06 +0000 (UTC)
	(envelope-from coley@linus.mitre.org)
Received: from smtp-bedford.mitre.org (smtp-bedford.mitre.org [129.83.20.191])
	by mx1.freebsd.org (Postfix) with ESMTP id 2EC798FC19;
	Tue, 18 Nov 2008 19:51:06 +0000 (UTC)
	(envelope-from coley@linus.mitre.org)
Received: from smtp-bedford.mitre.org (localhost.localdomain [127.0.0.1])
	by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id mAIJp2cd006793; 
	Tue, 18 Nov 2008 14:51:05 -0500
Received: from linus.mitre.org (linus.mitre.org [129.83.10.1])
	by smtp-bedford.mitre.org (8.13.1/8.13.1) with ESMTP id mAIJp0MO006598; 
	Tue, 18 Nov 2008 14:51:00 -0500
Received: from faron.mitre.org (faron.mitre.org [129.83.10.2])
	by linus.mitre.org (8.12.11/8.12.10) with ESMTP id mAIJoxBn006959;
	Tue, 18 Nov 2008 14:50:59 -0500 (EST)
Date: Tue, 18 Nov 2008 14:50:59 -0500 (EST)
From: "Steven M. Christey" <coley@linus.mitre.org>
X-X-Sender: coley@faron.mitre.org
To: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
In-Reply-To: <HFT9UPqQxMKr5hueUanFpyCwPgI@BWOFZFtpv6375xxU2Y12WR4LQqg>
Message-ID: <Pine.GSO.4.51.0811181449170.22800@faron.mitre.org>
References: <20081118103433.38D5817115@shadow.codelabs.ru>
	<4922B371.6070002@quis.cx>
	<TqoTo5jliabZzOUld/zrRy5vtzI@+C9avPjAe6kfv7rH+xyHzR2RFw8>
	<4922B6F9.2000408@quis.cx>
	<9a6isDG2HABVFiTQKRYgHLbugj0@N7cbPDipnvOyJMD9YzFbYf8QNqE>
	<Pine.GSO.4.51.0811180957530.22800@faron.mitre.org>
	<HFT9UPqQxMKr5hueUanFpyCwPgI@BWOFZFtpv6375xxU2Y12WR4LQqg>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Mailman-Approved-At: Tue, 18 Nov 2008 20:03:26 +0000
Cc: Jille Timmermans <jille@quis.cx>, bug-followup@freebsd.org,
	"Steven M. Christey" <coley@linus.mitre.org>,
	freebsd-security@freebsd.org, mloveless@mitre.org, cve@mitre.org,
	coley@mitre.org
Subject: Re: ports/128956: [patch] [vuxml] multiple vulnerabilities in PHP
 5.2.6
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Nov 2008 19:51:06 -0000


> So, the VuXML entry should be changed accordingly.  New content is
> attached.

Just for my own understanding, did the erroneous CVE description cause any
extra work on your part?  What if the desc had only said "5.2 through
5.2.6" at first?

I'm asking because I'm trying to understandind how people use CVE and what
impact our errors might have on others.

Thanks,
Steve