svn commit: r362109 - head/net/php53-xmlrpc/files
Dag-Erling Smørgrav
des at des.no
Mon Jul 21 12:07:33 UTC 2014
Florian Smeets <flo at FreeBSD.org> writes:
> Author: flo
> Date: Wed Jul 16 20:36:14 2014
> New Revision: 362109
> URL: http://svnweb.freebsd.org/changeset/ports/362109
> QAT: https://qat.redports.org/buildarchive/r362109/
>
> Log:
> Merge a patch from lang/php5 to fix build breakage.
>
> Requested by: George L. Yermulnik <yz at yz.kiev.ua>
https://wiki.freebsd.org/Ports/CPE
This port has CPE data. In the (currently highly hypothetical) scenario
where someone runs an audit tool to check their installed packages
against the NVE XML feed, and a CVE is issued for this bug, they will
get a false positive because the CPE string does not reflect the
presence of this patch. The best way around it is probably to set
CPE_OTHER=${PORTREVISION} so we can report to MITRE / NIST that
cpe:/a:php:php:5.3.28::~~~freebsd~~3 (or, in CPE 2.3 notation,
cpe:2.3:a:php:php:5.3.28:::::freebsd::3) is not vulnerable. Not your
fault, but food for thought.
BTW, you should have added a vuxml entry for this, or asked
ports-secteam to do it for you.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the svn-ports-head
mailing list