cvs commit: ports/security/vuxml vuln.xml
Vasil Dimov
vd at FreeBSD.org
Wed Oct 4 22:56:09 PDT 2006
On Thu, Oct 05, 2006 at 09:47:40AM +0400, Andrew Pantyukhin wrote:
> On 10/4/06, Simon L. Nielsen <simon at freebsd.org> wrote:
> >On 2006.10.04 17:10:46 +0000, Andrew Pantyukhin wrote:
> >> sat 2006-10-04 17:10:46 UTC
> >>
> >> FreeBSD ports repository
> >>
> >> Modified files:
> >> security/vuxml vuln.xml
> >> Log:
> >> - Document NULL byte injection vulnerability in phpbb
> >>
> >> Revision Changes Path
> >> 1.1167 +40 -1 ports/security/vuxml/vuln.xml
> >[...]
> >> | <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> >> | + <vuln vid="86526ba4-53c8-11db-8f1a-000a48049292">
> >> | + <topic>phpbb -- NULL byte injection vulnerability</topic>
> >> | + <affects>
> >> | + <package>
> >> | + <name>phpbb</name>
> >> | + <name>zh-phpbb-tw</name>
> >> | + <range><lt>2.0.22</lt></range>
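Review bot: The <lt>2.0.22</lt> bound on the last line of this hunk marks phpbb and zh-phpbb-tw 2.0.22 and later as not affected, but the visible part of the entry gives no reference establishing a fix in that version. Either cite the release note or advisory that names 2.0.22 as the fixed version, or, if no fixed release exists yet, leave the range open with <range><gt>0</gt></range> and tighten it once the fix ships.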
> >
> >Where did you find info about this being fixed in 2.0.22? I couldn't
> >find it when checking the references and the phpbb web site.
>
> It seems I've been violating an extrapolation of your prior advice
> to use >0 when there's no fix. My rationale is to look at an advisory,
> its credibility and publicity, look at the affected project and its
> history of fixing such advisories and draw a conclusion.
>
Do I correctly understand that you assumed that the issue will be fixed
in 2.0.22 which is not yet released?
This sounds totally bogus to me.
_Do not assume anything!_
--
Vasil Dimov
gro.DSBeerF at dv
%
Heavier than air flying machines are impossible.
-- Lord Kelvin, President, Royal Society, c. 1895