ports/128956: [patch] [vuxml] multiple vulnerabilities in PHP
5.2.6
Jille Timmermans
jille at quis.cx
Tue Nov 18 04:37:11 PST 2008
Good day to you too,
"PHP 5.2 through 5.2.6" makes the most sense.
However, "PHP 5.1 through" or even "PHP 5 through" are also possible.
I don't know much about CVE's; can we provide them feedback for this typo ?
I think the best is to wait for the CVE to get fixed and fix it in the vuxml entry afterwards.
I think you also had that plan ;)
-- Jille
Eygene Ryabinkin wrote:
> Jille, good day.
>
> Tue, Nov 18, 2008 at 01:22:09PM +0100, Jille Timmermans wrote:
>
>> I think there is a typo in the vuxml descriptions:
>> "PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6"
>> (PHP 5.6 doesn't exist (yet))
>>
>
> Yes: it was written in that way at the CVE entry. I had spotted this,
> but was not sure how to handle this. Perhaps VuXML entry should really
> say "PHP 5.2 through 5.2.6" to avoid reader's confusion.
>
> Thanks for spotting this!
>
More information about the freebsd-security
mailing list