cvs commit: ports/lang/php4 Makefile ports/lang/php4/files
patch-ext_standard_dir.c patch-main_php_open_temporary_file.c
patch-php.ini-dist patch-php.ini-recommended ports/lang/php5
Makefile ports/lang/php5/files patch-ext_standard_dir.c
patch-main_php_open_temporary_file.c ...
Simon L. Nielsen
simon at FreeBSD.org
Mon Oct 16 17:15:43 UTC 2006
On 2006.10.17 01:03:44 +0800, LI Xin wrote:
> Simon L. Nielsen wrote:
> > On 2006.10.16 09:30:58 +0000, Alex Dupre wrote:
> >> ale 2006-10-16 09:30:58 UTC
> >>
> >> FreeBSD ports repository
> >>
> >> Modified files:
> >> lang/php4 Makefile
> >> lang/php5 Makefile
> >> Added files:
> >> lang/php4/files patch-ext_standard_dir.c
> >> patch-main_php_open_temporary_file.c
> >> patch-php.ini-dist
> >> patch-php.ini-recommended
> >> lang/php5/files patch-ext_standard_dir.c
> >> patch-main_php_open_temporary_file.c
> >> patch-php.ini-dist
> >> patch-php.ini-recommended
> >> Log:
> >> - fix open_basedir vulnerability in php4 and php5 [1]
> >
> > Do you have a CVE name or a reference for exactly which issue this is?
>
> That would be http://www.hardened-php.net/advisory_082006.132.html or
> CVE-2006-5178. I think we should mark these new versions as safe in vuxml.
OK, without any references it's a bit hard to check what these patches
really do, but if ale@ says it fixes VuXML ID
edabe438-542f-11db-a5ae-00508d6a62df then yes, the VuXML entry should
be updated to mark the new php version as safe.
--
Simon L. Nielsen
More information about the cvs-all
mailing list