[php-maint] Freeze exception: php5
Ondřej Surý
ondrej at debian.org
Thu Oct 21 18:49:43 UTC 2010
Hi Adam.
so I had problems with orig tarball, so my upload was rejected. Hence
the 5.3.3-2 release contains all changes. So please unblock 5.3.3-2
after a reasonable period of time.
Thanks you,
Ondrej
On Thu, Oct 21, 2010 at 16:59, Ondřej Surý <ondrej at debian.org> wrote:
> Hi Adam,
>
>> After further discussion, and looking at the security issues which
>> upstream acknowledge being fixed in 5.3.3, please go ahead with the
>> upload to unstable. I'm undecided yet whether to age the upload (and if
>> so by how much) but an earlier upload has more chance of being unblocked
>> earlier. :-)
>
> I am uploading 5.3.3-2 right now. I have fixed a couple of regressions
> and cherry-picked one more CVE.
>
> Here's the full changelog (unfortunatelly I have forgotten to sync
> changelog with git, so 5.3.3-2 doesn't have a full log), so I am going
> to build 5.3.3-3 with full list of changes.
>
> I have disabled FPM SAPI, so it doesn't introduce any "new" code. FPM
> SAPI will be enabled in next stable.
>
> php5 (5.3.3-3) unstable; urgency=low
>
> * Set explicit error level to hide warnings on systems with modified
> php.ini (Closes: #590485)
> * Apply patch to fix loading of extensions without [PHP] section
> (Closes: #595761)
> * Set session.gc_probability back to 0 (Closes: #595706)
> * Update PHP5 description to not include references to C, Java and
> Perl (Closes: #351032)
>
> -- Ondřej Surý <ondrej at debian.org> Thu, 21 Oct 2010 16:57:53 +0200
>
> php5 (5.3.3-2) unstable; urgency=low
>
> * Upload 5.3.3 to unstable
> + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866,
> CVE-2010-2531, CVE-2010-3065.
> * Don't build FPM SAPI now
> * Bump standards version to 3.9.1
> * Synchronize system crypt patch
> * Cherry pick upstream fix for format vulnerability in phar/stream.c
> + Fixes CVE-2010-2950.
>
> -- Ondřej Surý <ondrej at debian.org> Thu, 21 Oct 2010 16:57:53 +0200
>
>
> Ondrej
> --
> Ondřej Surý <ondrej at sury.org>
> http://blog.rfc1925.org/
>
--
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/
More information about the pkg-php-maint
mailing list