svn commit: r323525 - head/security/vuxml
Bryan Drewery
bdrewery at FreeBSD.org
Tue Jul 23 10:32:23 UTC 2013
Author: bdrewery
Date: Tue Jul 23 10:32:22 2013
New Revision: 323525
URL: http://svnweb.freebsd.org/changeset/ports/323525
Log:
- Update whitespace for 2fbfd455-f2d0-11e2-8a46-000d601460a4
Requested by: remko
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Jul 23 10:20:02 2013 (r323524)
+++ head/security/vuxml/vuln.xml Tue Jul 23 10:32:22 2013 (r323525)
@@ -65,14 +65,12 @@ Note: Please add new entries to the beg
<blockquote cite="https://lists.marsching.com/pipermail/suphp/2013-May/002552.html">
<p>When the suPHP_PHPPath was set, mod_suphp would use the specified PHP
executable to pretty-print PHP source files (MIME type
- x-httpd-php-source or application/x-httpd-php-source).
-
- However, it would not sanitize the environment. Thus a user that was
+ x-httpd-php-source or application/x-httpd-php-source).</p>
+ <p>However, it would not sanitize the environment. Thus a user that was
allowed to use the SetEnv directive in a .htaccess file (AllowOverride
FileInfo) could make PHP load a malicious configuration file (e.g.
- loading malicious extensions).
-
- As the PHP process for highlighting the source file was run with the
+ loading malicious extensions).</p>
+ <p>As the PHP process for highlighting the source file was run with the
privileges of the user Apache HTTPd was running as, a local attacker
could probably execute arbitrary code with the privileges of this user.</p>
</blockquote>
More information about the svn-ports-all
mailing list