On 2006.10.17 01:03:44 +0800, LI Xin wrote: > Simon L. Nielsen wrote: > > On 2006.10.16 09:30:58 +0000, Alex Dupre wrote: > >> ale 2006-10-16 09:30:58 UTC > >> > >> FreeBSD ports repository > >> > >> Modified files: > >> lang/php4 Makefile > >> lang/php5 Makefile > >> Added files: > >> lang/php4/files patch-ext_standard_dir.c > >> patch-main_php_open_temporary_file.c > >> patch-php.ini-dist > >> patch-php.ini-recommended > >> lang/php5/files patch-ext_standard_dir.c > >> patch-main_php_open_temporary_file.c > >> patch-php.ini-dist > >> patch-php.ini-recommended > >> Log: > >> - fix open_basedir vulnerability in php4 and php5 [1] > > > > Do you have a CVE name or a reference for exactly which issue this is? > > That would be http://www.hardened-php.net/advisory_082006.132.html or > CVE-2006-5178. I think we should mark these new versions as safe in vuxml.
OK, without any references it's a bit hard to check what these patches really do, but if ale@ says it fixes VuXML ID edabe438-542f-11db-a5ae-00508d6a62df then yes, the VuXML entry should be updated to mark the new php version as safe. -- Simon L. Nielsen _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
