From thierry@pompo.net  Thu Jul  7 17:24:10 2005
Return-Path: <thierry@pompo.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E584616A41C
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  7 Jul 2005 17:24:10 +0000 (GMT)
	(envelope-from thierry@pompo.net)
Received: from ws90bj.pompo.net (graf.pompo.net [81.56.186.139])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 61E6243D49
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  7 Jul 2005 17:24:09 +0000 (GMT)
	(envelope-from thierry@pompo.net)
Received: by ws90bj.pompo.net (Postfix, from userid 1001)
	id DDCB022B8B1; Thu,  7 Jul 2005 19:22:56 +0200 (CEST)
Message-Id: <20050707172256.DDCB022B8B1@ws90bj.pompo.net>
Date: Thu,  7 Jul 2005 19:22:56 +0200 (CEST)
From: Thierry Thomas <thierry@pompo.net>
Reply-To: Thierry Thomas <thierry@pompo.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: antonio@php.net
Subject: devel/pear-XML_RPC: eliminate two path disclosure vulnerabilities.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         83106
>Category:       ports
>Synopsis:       devel/pear-XML_RPC: eliminate two path disclosure vulnerabilities.
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    thierry
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 07 17:30:19 GMT 2005
>Closed-Date:    Thu Jul 07 22:32:27 GMT 2005
>Last-Modified:  Thu Jul 07 22:32:27 GMT 2005
>Originator:     Thierry Thomas
>Release:        FreeBSD 5.4-STABLE i386
>Organization:
Kabbale Eros
>Environment:
System: FreeBSD ws90bj.pompo.net 5.4-STABLE FreeBSD 5.4-STABLE #0: Sun May 22 14:07:39 CEST 2005 thierry@ws90bj.pompo.net:/usr/obj/usr/src/sys/WS90BJ-050222 i386


	
>Description:
	Update to 1.3.2. According to changelog:

	* Eliminate path disclosure vulnerabilities by suppressing error
	  messages when eval()'ing;
	* Eliminate path disclosure vulnerability by catching bogus parameters
	  submitted to XML_RPC_Value::serializeval().

	Full changelog at <http://pear.php.net/package/XML_RPC/download/1.3.2>.

>How-To-Repeat:
	N/A.

>Fix:
	Apply the following patch:

--- pear-XML_RPC.diff begins here ---
diff -urN devel/pear-XML_RPC.orig/Makefile devel/pear-XML_RPC/Makefile
--- devel/pear-XML_RPC.orig/Makefile	Mon Jul  4 19:20:45 2005
+++ devel/pear-XML_RPC/Makefile	Thu Jul  7 19:08:43 2005
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	XML_RPC
-PORTVERSION=	1.3.1
+PORTVERSION=	1.3.2
 CATEGORIES=	devel www pear
 
 MAINTAINER=	antonio@php.net
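Review bot: The `PORTVERSION=	1.3.2` line is the only Makefile change, but the PR describes this update as closing two path disclosure vulnerabilities, and nothing in the patch records that 1.3.1 is affected. Consider accompanying the commit with a security/vuxml entry covering versions before 1.3.2 and stating the security nature of the update in the commit message, so that hosts still running 1.3.1 are flagged. If a PORTREVISION is set outside the context shown here, it should be dropped with this version bump.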
diff -urN devel/pear-XML_RPC.orig/distinfo devel/pear-XML_RPC/distinfo
--- devel/pear-XML_RPC.orig/distinfo	Mon Jul  4 19:20:56 2005
+++ devel/pear-XML_RPC/distinfo	Thu Jul  7 19:08:59 2005
@@ -1,2 +1,2 @@
-MD5 (PEAR/XML_RPC-1.3.1.tgz) = c27e8cc85ff7cb86b119e933bd2eafc1
-SIZE (PEAR/XML_RPC-1.3.1.tgz) = 25310
+MD5 (PEAR/XML_RPC-1.3.2.tgz) = 6f2d8de8f5ddd72dba3946e0a8c95a40
+SIZE (PEAR/XML_RPC-1.3.2.tgz) = 25837
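Review bot: The new entry for XML_RPC-1.3.2.tgz records only an MD5 digest and a SIZE, so distfile integrity rests on MD5 alone. Consider adding a SHA256 line for the same tarball next to `MD5 (PEAR/XML_RPC-1.3.2.tgz)`. Because this is a security-motivated update, also confirm the digest against a copy fetched independently from the upstream download page before committing.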
--- pear-XML_RPC.diff ends here ---

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->thierry 
Responsible-Changed-By: thierry 
Responsible-Changed-When: Thu Jul 7 17:35:14 GMT 2005 
Responsible-Changed-Why:  

Waiting for maintainer approval. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=83106 
State-Changed-From-To: open->closed 
State-Changed-By: thierry 
State-Changed-When: Thu Jul 7 22:32:00 GMT 2005 
State-Changed-Why:  

Committed with maintainer's approval. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=83106 
>Unformatted:
