[php-maint] Bug#603751: Bug#603751: Three more security issues
Ondřej Surý
ondrej at debian.org
Wed Nov 17 21:36:21 UTC 2010
On Wed, Nov 17, 2010 at 21:32, Adam D. Barratt <adam at adam-barratt.org.uk> wrote:
> On Wed, 2010-11-17 at 10:05 +0100, Ondřej Surý wrote:
>> thanks for heads up. I have cherry-picked fixes and they are in php
>> git. Do you need any help with backporting those to lenny? Anyway I am
>> going to wait for 5.3.3-3 to squeeze into the squeeze :) and after
>> that I am going to upload 5.3.3-4.
>>
>> Meanwhile I thought it might be a good idea to went through svn log
> [...]
>> The fixes below are small, self-contained and I
>> have hand checked them all for sanity. There's even one CVE in
>> openbasedir which we have not catched before.
>
> I don't mind fixing the issues you mentioned if you think they're
> important enough at this stage. However, I'd prefer that an upload
> including such fixes did not have high urgency, so it may depend how
> urgent getting the security fixes in to Squeeze is.
That's fair since we are waiting for 5.3.3-3 to be in squeeze anyway
and I think that those three CVEs are not that urgent. Moritz could
you correct me if I am wrong? So I am going to upload 5.3.3-4 (it's
already built) with those changes I mentioned when 5.3.3-3 has
migrated to testing.
Ondrej
--
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/
More information about the pkg-php-maint
mailing list