author ale <ale@FreeBSD.org> 2008-09-04 22:00:12 +0800
committer ale <ale@FreeBSD.org> 2008-09-04 22:00:12 +0800
commit e5a746babbe899148a08edb4a162199d77b0f1ba
tree 4fc1d8ac5c1a70ab9efc9d145fe5589e19aae73c
parent ed4098b08281e8c246e8a5169fa43eb7bbfbf585
Update for php5 safe_mode fix.
-rw-r--r-- security/vuxml/vuln.xml 15
1 files changed, 8 insertions, 7 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 3090a73d1704..0539e721b6f4 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -785,21 +785,21 @@ Note: Please add new entries to the beginning of this file.
</vuln>
<vuln vid="ee6fa2bd-406a-11dd-936a-0015af872849">
- <topic>php -- input validation error in posix_access function</topic>
+ <topic>php -- input validation error in safe_mode</topic>
<affects>
<package>
- <name>php5-posix</name>
- <range><ge>5.0</ge></range>
+ <name>php5</name>
+ <range><lt>5.2.6_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>According to Maksymilian Arciemowicz research,
it is possible to bypass security restrictions
- of <code>safe_mode</code> in <code>posix_access()</code>
- function via directory traversal vulnerability. The attacker
+ of <code>safe_mode</code> in various
+ functions via directory traversal vulnerability. The attacker
can use this attack to gain access to sensitive
- information. Other functions utilizing
+ information. Functions utilizing
<code>expand_filepath()</code> may be affected.</p>
<p>It should be noted that this vulnerability is not
considered to be serious by the FreeBSD Security Team,
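Review bot: In the <affects> block, the new <name>php5</name> with <range><lt>5.2.6_2</lt></range> replaces the php5-posix package outright, so the entry no longer names the package that the old text tied to posix_access(). If php5-posix can be installed at a revision that lags the fixed php5, keep a second <package> element for it, or say in the description why matching php5 alone is sufficient. The reworded description also says "in various functions" without naming any, which gives readers less to act on than the old wording; listing the affected functions (posix_access() at least, since the previous text named it) would keep the entry searchable.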
@@ -809,13 +809,14 @@ Note: Please add new entries to the beginning of this file.
</description>
<references>
<cvename>CVE-2008-2665</cvename>
+ <cvename>CVE-2008-2666</cvename>
<bid>29797</bid>
<url>http://securityreason.com/achievement_securityalert/54</url>
</references>
<dates>
<discovery>2008-06-17</discovery>
<entry>2008-06-22</entry>
- <modified>2008-06-22</modified>
+ <modified>2008-09-04</modified>
</dates>
</vuln>
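Review bot: The added <cvename>CVE-2008-2666</cvename> in <references> has no matching source: the block still carries only <bid>29797</bid> and the single securityreason URL that were already there alongside CVE-2008-2665. Add the advisory URL (and BID, if one exists) for the second CVE so a reader can tell which functions it covers. The <modified> bump to 2008-09-04 matches the commit date and needs no change.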