OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Question on recent PHP VuXML info

From: Andrew Storms (astormsncircle.com)
Date: Mon Sep 08 2008 - 10:33:49 CDT


Not sure if this is the correct place for VuXML questions, but the FreeBSD
VuXML list ( http://lists.freebsd.org/pipermail/freebsd-vuxml/) looks pretty
dead given the last update was in 2007 according to the archives.

We were previously tracking this entry, which pretty much sat for a while
without an applicable upgradeable resolution available.

Affected package: php5-posix-5.2.6
Type of problem: php -- input validation error in posix_access function.
Reference:
<http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849
.html>

-----------

Then late last week, the same VuXML ID started reporting this information
instead:

Affected package: php5-5.2.6
Type of problem: php -- input validation error in safe_mode.
Reference:
<http://www.FreeBSD.org/ports/portaudit/ee6fa2bd-406a-11dd-936a-0015af872849
.html>

------------

The generic question I'm asking is: What happened and why? Seems to me that
if you have a VuXML ID (which, I thought wasn't suppose to be re-used), then
it's name and description shouldn't just apparently change one day.

So is the prior "php5-posix-5.2.6" and the now "php5-5.2.6" with same ID,
the same bug, a new description, does the newer supercede, etc, etc? Where
can I get the background on what went on here?

Thanks.

-_S

_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"