Date: Mon, 08 Sep 2008 08:33:49 -0700 From: Andrew Storms <astorms@ncircle.com> To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Question on recent PHP VuXML info Message-ID: <C4EA93ED.1AD025%astorms@ncircle.com>
next in thread | raw e-mail | index | archive | help
Not sure if this is the correct place for VuXML questions, but the FreeBSD VuXML list ( http://lists.freebsd.org/pipermail/freebsd-vuxml/) looks pretty dead given the last update was in 2007 according to the archives. We were previously tracking this entry, which pretty much sat for a while without an applicable upgradeable resolution available. Affected package: php5-posix-5.2.6 Type of problem: php -- input validation error in posix_access function. Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849 .html> ----------- Then late last week, the same VuXML ID started reporting this information instead: Affected package: php5-5.2.6 Type of problem: php -- input validation error in safe_mode. Reference: <http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849 .html> ------------ The generic question I'm asking is: What happened and why? Seems to me that if you have a VuXML ID (which, I thought wasn't suppose to be re-used), then it's name and description shouldn't just apparently change one day. So is the prior "php5-posix-5.2.6" and the now "php5-5.2.6" with same ID, the same bug, a new description, does the newer supercede, etc, etc? Where can I get the background on what went on here? Thanks. -_S
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C4EA93ED.1AD025%astorms>