Bug#422405: [php-maint] Bug#422405: Upstream PHP 5.2.2 Available
sean finney
seanius at debian.org
Sat May 5 17:16:56 UTC 2007
hi,
On Sat, 2007-05-05 at 12:48 -0400, Alan LeVee wrote:
> The PHP development team has released a new version of PHP 5 that fixes
> numerous security holes that affected both 5.2.0 and 5.2.1 (some of
> which I found no fixes for in the Debian packages).
for the record, most/all of the unaddressed issues were either minor,
non-issues (requiring a malicious user), or unsupported (i.e. safe-mode
bypassing). if you feel otherwise you should address the issues
specifically.
>
> I would these bugs to be taken very seriously especially the ones at
> php-security.org because they affect a great many web applications.
i hope you've never been given the impression otherwise. we spent
several weeks digging up and testing the fixes from php's cvs
repositories for the latest security advisories, which is a difficult
and thankless effort.
anyway, i've had an upload prepared since the day before yesterday, i'll
upload it some time today.
sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20070505/3e9e17d4/attachment.pgp
More information about the pkg-php-maint
mailing list