From owner-freebsd-security@FreeBSD.ORG  Mon Sep  8 15:57:58 2008
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4629D106564A
	for <freebsd-security@freebsd.org>;
	Mon,  8 Sep 2008 15:57:58 +0000 (UTC)
	(envelope-from astorms@ncircle.com)
Received: from mail.ncircle.com (mail.ncircle.com [64.84.9.150])
	by mx1.freebsd.org (Postfix) with ESMTP id 3003D8FC16
	for <freebsd-security@freebsd.org>;
	Mon,  8 Sep 2008 15:57:57 +0000 (UTC)
	(envelope-from astorms@ncircle.com)
Received: from CORP-MAIL.ad.ncircle.com (corpmail-01.ncircle.com
	[192.168.75.90])
	by mail.ncircle.com (8.14.2/8.14.2) with ESMTP id m88FXoxE079110
	for <freebsd-security@freebsd.org>; Mon, 8 Sep 2008 08:33:50 -0700 (PDT)
	(envelope-from astorms@ncircle.com)
Received: from 192.168.75.178 ([192.168.75.178]) by CORP-MAIL.ad.ncircle.com
	([192.168.75.94]) via Exchange Front-End Server
	webmail-01.ad.ncircle.com ([192.168.75.93]) with Microsoft
	Exchange Server HTTP-DAV ; Mon,  8 Sep 2008 15:33:51 +0000
User-Agent: Microsoft-Entourage/11.4.0.080122
Date: Mon, 08 Sep 2008 08:33:49 -0700
From: Andrew Storms <astorms@ncircle.com>
To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Message-ID: <C4EA93ED.1AD025%astorms@ncircle.com>
Thread-Topic: Question on recent PHP VuXML info
Thread-Index: AckRyEoIiKqQkX27Ed2+cAARJIv+sA==
Mime-version: 1.0
Content-type: text/plain;
	charset="US-ASCII"
Content-transfer-encoding: 7bit
X-Spam-Score: -4.307 () ALL_TRUSTED,AWL,BAYES_00
X-Scanned-By: MIMEDefang 2.63 on 64.84.9.150
Subject: Question on recent PHP VuXML info
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Sep 2008 15:57:58 -0000

Not sure if this is the correct place for VuXML questions, but the FreeBSD
VuXML list ( http://lists.freebsd.org/pipermail/freebsd-vuxml/) looks pretty
dead given the last update was in 2007 according to the archives.

We were previously tracking this entry, which pretty much sat for a while
without an applicable upgradeable resolution available.

Affected package: php5-posix-5.2.6
Type of problem: php -- input validation error in posix_access function.
Reference:
<http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849
.html>

-----------

Then late last week, the same VuXML ID started reporting this information
instead:

Affected package: php5-5.2.6
Type of problem: php -- input validation error in safe_mode.
Reference: 
<http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849
.html>

------------


The generic question I'm asking is: What happened and why?  Seems to me that
if you have a VuXML ID (which, I thought wasn't suppose to be re-used), then
it's name and description shouldn't just apparently change one day.

So is the prior "php5-posix-5.2.6" and the now "php5-5.2.6" with same ID,
the same bug, a new description, does the newer supercede, etc, etc?  Where
can I get the background on what went on here?

Thanks.

-_S