cvs commit: ports/lang/php4 Makefile ports/lang/php4/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c patch-php.ini-dist patch-php.ini-recommended ports/lang/php5 Makefile ports/lang/php5/files patch-ext_standard_dir.c patch-main_php_open_temporary_file.c ...

Simon L. Nielsen simon at FreeBSD.org
Mon Oct 16 17:15:43 UTC 2006


On 2006.10.17 01:03:44 +0800, LI Xin wrote:
> Simon L. Nielsen wrote:
> > On 2006.10.16 09:30:58 +0000, Alex Dupre wrote:
> >> ale         2006-10-16 09:30:58 UTC
> >>
> >>   FreeBSD ports repository
> >>
> >>   Modified files:
> >>     lang/php4            Makefile 
> >>     lang/php5            Makefile 
> >>   Added files:
> >>     lang/php4/files      patch-ext_standard_dir.c 
> >>                          patch-main_php_open_temporary_file.c 
> >>                          patch-php.ini-dist 
> >>                          patch-php.ini-recommended 
> >>     lang/php5/files      patch-ext_standard_dir.c 
> >>                          patch-main_php_open_temporary_file.c 
> >>                          patch-php.ini-dist 
> >>                          patch-php.ini-recommended 
> >>   Log:
> >>   - fix open_basedir vulnerability in php4 and php5 [1]
> > 
> > Do you have a CVE name or a reference for exactly which issue this is?
> 
> That would be http://www.hardened-php.net/advisory_082006.132.html or
> CVE-2006-5178.  I think we should mark these new versions as safe in vuxml.

OK, without any references it's a bit hard to check what these patches
really do, but if ale@ says it fixes VuXML ID
edabe438-542f-11db-a5ae-00508d6a62df then yes, the VuXML entry should
be updated to mark the new php version as safe.

-- 
Simon L. Nielsen


More information about the cvs-all mailing list