Bug 169272 - [update] lang/php52 to 5.2.17_9 (20120526)
Summary: [update] lang/php52 to 5.2.17_9 (20120526)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: Ruslan Makhmatkhanov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-06-20 18:40 UTC by Svyatoslav Lempert
Modified: 2012-10-17 19:05 UTC
0 users

See Also:


Attachments
file.diff (1.74 KB, patch)
2012-06-20 18:40 UTC, Svyatoslav Lempert

Description Svyatoslav Lempert 2012-06-20 18:40:09 UTC
- update backports patch to latest version (20120526)
- magic_quotes_gpc fix for regression introduced by CVE-2012-0831 fix
- security 3761df02-0f9c-11e0-becc-0022156e8794 59b68b1e-9c78-11e1-b5e0-000c299b62e1


Please remove security vulnerabilities

http://www.vuxml.org/freebsd/3761df02-0f9c-11e0-becc-0022156e8794.html
CVE-2006-7243 : This is NOT a vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=662707
We do not consider safe_mode / open_basedir restriction bypass issues to be
security sensitive.  For more details see
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1

http://www.vuxml.org/freebsd/59b68b1e-9c78-11e1-b5e0-000c299b62e1.html
CVE-2012-1823 : was fixed in 5.2.17_8
CVE-2012-2311 : fixed in the last patch
CVE-2012-2329 : this flaw only affects PHP 5.4.0 through 5.4.2 https://access.redhat.com/security/cve/CVE-2012-2329 https://bugzilla.redhat.com/show_bug.cgi?id=820000

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2012-06-20 18:40:31 UTC
Maintainer of lang/php52,

Please note that PR ports/169272 has just been submitted.

If it contains a patch for an upgrade, an enhancement or a bug fix
you agree on, reply to this email stating that you approve the patch
and a committer will take care of it.

The full text of the PR can be found at:
    http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/169272

-- 
Edwin Groothuis via the GNATS Auto Assign Tool
edwin@FreeBSD.org
Comment 2 Edwin Groothuis freebsd_committer freebsd_triage 2012-06-20 18:40:34 UTC
State Changed
From-To: open->feedback

Awaiting maintainer's feedback (via the GNATS Auto Assign Tool)
Comment 3 admin 2012-06-26 22:09:11 UTC
please, commit this
Comment 4 Mark Linimon freebsd_committer freebsd_triage 2012-06-26 23:44:40 UTC
State Changed
From-To: feedback->open

Maintainer approved.
Comment 5 Ruslan Makhmatkhanov freebsd_committer freebsd_triage 2012-06-30 14:36:13 UTC
Responsible Changed
From-To: freebsd-ports-bugs->rm

I will take it.
Comment 6 dfilter service freebsd_committer freebsd_triage 2012-07-01 00:01:10 UTC
rm          2012-06-30 23:00:58 UTC

  FreeBSD ports repository

  Modified files:
    lang/php52           Makefile distinfo 
  Log:
  - update backports patch to 20120526
  - bump PORTREVISION
  
  PR:             169272
  Submitted by:   Svyatoslav Lempert <svyatoslav.lempert at gmail dot com>
  Approved by:    Alex Keda <admin at lissyara dot su> (maintainer)
  
  Revision  Changes    Path
  1.31      +2 -2      ports/lang/php52/Makefile
  1.14      +2 -2      ports/lang/php52/distinfo
Comment 7 Ruslan Makhmatkhanov freebsd_committer freebsd_triage 2012-07-01 21:06:32 UTC
State Changed
From-To: open->patched

Update has been committed, thank you. Now checking the CVE stuff.
Comment 8 Ruslan Makhmatkhanov freebsd_committer freebsd_triage 2012-10-17 19:05:08 UTC
State Changed
From-To: patched->closed

The first issue still wasn't fixed, as I understand, while the second one was fixed in 5.2.17_9 and the vuxml entry was already updated. So no changes are needed according to this PR. Safe to close.