[php-maint] Bug#603751: Bug#603751: Three more security issues

Ondřej Surý ondrej at debian.org
Wed Nov 17 21:38:09 UTC 2010


On Wed, Nov 17, 2010 at 21:06, Moritz Muehlenhoff <jmm at inutil.org> wrote:
> On Wed, Nov 17, 2010 at 10:05:35AM +0100, Ondřej Surý wrote:
>> Hi Moritz, Adam,
>>
>> thanks for the heads up. I have cherry-picked fixes and they are in php
>> git. Do you need any help with backporting those to lenny?
>
> Raphael usually takes care of php5 for Lenny. IIRC there's a
> lenny-branch in php-pkg svn, so you could already commit them.

Since Raphael's last message was that he's going to be offline, it's
probably up to me :-/. I'll see what I can do.

>> Meanwhile I thought it might be a good idea to go through svn log
>> and I have found some more issues we might think about fixing
>> (basically I went through the log and have checked all crashes,
>> segfaults and leaks). The fixes below are small, self-contained and I
>> have hand-checked them all for sanity. There's even one CVE in
>> openbasedir which we have not caught before.
>
> open_basedir violations are not treated as security issues, see
> README.Debian.security.

I know and I wasn't suggesting to prepare a security release in lenny.
Sorry for not being clear. Anyway I think it's worth fixing for
squeeze.

O.
-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/




