svn commit: r362109 - head/net/php53-xmlrpc/files

Dag-Erling Smørgrav des at des.no
Mon Jul 21 12:07:33 UTC 2014


Florian Smeets <flo at FreeBSD.org> writes:
> Author: flo
> Date: Wed Jul 16 20:36:14 2014
> New Revision: 362109
> URL: http://svnweb.freebsd.org/changeset/ports/362109
> QAT: https://qat.redports.org/buildarchive/r362109/
>
> Log:
>   Merge a patch from lang/php5 to fix build breakage.
>   
>   Requested by:	George L. Yermulnik <yz at yz.kiev.ua>

https://wiki.freebsd.org/Ports/CPE

This port has CPE data.  In the (currently highly hypothetical) scenario
where someone runs an audit tool to check their installed packages
against the NVD XML feed, and a CVE is issued for this bug, they will
get a false positive because the CPE string does not reflect the
presence of this patch.  The best way around it is probably to set
CPE_OTHER=${PORTREVISION} so we can report to MITRE / NIST that
cpe:/a:php:php:5.3.28::~~~freebsd~~3 (or, in CPE 2.3 notation,
cpe:2.3:a:php:php:5.3.28:::::freebsd::3) is not vulnerable.  Not your
fault, but food for thought.

BTW, you should have added a vuxml entry for this, or asked
ports-secteam to do it for you.

DES
-- 
Dag-Erling Smørgrav - des at des.no
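
Added example, not part of the original message or of the FreeBSD ports tooling: a small Python sketch that unpacks the two CPE notations quoted above into their eleven attributes, showing that they name the same thing and that only the `other` field separates one port revision from another. It assumes empty fields mean ANY (`*`), ignores percent-encoding and escaped colons, and the revision-2 name in the comparison is constructed for illustration.

```python
# Added example: compare CPE 2.2 URIs and CPE 2.3 strings attribute by attribute.
ATTRS = ["part", "vendor", "product", "version", "update", "edition",
         "language", "sw_edition", "target_sw", "target_hw", "other"]
ANY = "*"


def _fill(values):
    """Map attribute names to values, treating an empty field as ANY."""
    return {name: (value or ANY) for name, value in zip(ATTRS, values)}


def parse_uri(uri):
    """Unbind a CPE 2.2 URI, unpacking a '~'-packed edition component."""
    if not uri.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % uri)
    fields = uri[len("cpe:/"):].split(":")
    if len(fields) > 7:
        raise ValueError("too many components: %r" % uri)
    fields += [""] * (7 - len(fields))
    extended = ["", "", "", ""]  # sw_edition, target_sw, target_hw, other
    if fields[5].startswith("~"):
        packed = fields[5][1:].split("~")
        if len(packed) != 5:
            raise ValueError("malformed packed edition: %r" % fields[5])
        fields[5], extended = packed[0], packed[1:]
    return _fill(fields + extended)


def parse_fs(fs):
    """Unbind a CPE 2.3 formatted string (no escaped ':' supported)."""
    parts = fs.split(":")
    if parts[:2] != ["cpe", "2.3"] or len(parts) != 13:
        raise ValueError("not a CPE 2.3 formatted string: %r" % fs)
    return _fill(parts[2:])


def to_fs(wfn):
    """Bind attributes to a CPE 2.3 formatted string, writing ANY as '*'."""
    return "cpe:2.3:" + ":".join(wfn[name] for name in ATTRS)


def differing(a, b):
    """Names of the attributes on which two parsed CPE names disagree."""
    return [name for name in ATTRS if a[name] != b[name]]


if __name__ == "__main__":
    patched = parse_uri("cpe:/a:php:php:5.3.28::~~~freebsd~~3")
    print(to_fs(patched))
    # Constructed revision-2 name: differs from the patched one only in 'other'.
    print(differing(parse_uri("cpe:/a:php:php:5.3.28::~~~freebsd~~2"), patched))
```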