[php-maint] Bug#658692: Bug#658692: [php5-common]
kaplan at debian.org
Sun Feb 5 10:31:49 UTC 2012
The looks likes an output of apt-listchanges. Could you try and remove this
package and update again the php package ?
You've opened the bug at severity:serious, but it doesn't sounds like your
php installation got broken by this message. Unless it's broken or not
functional, we'll change this bug to severity:normal.
On Sun, Feb 5, 2012 at 11:10 AM, Jürg Hofmann <juerg.hofmann at postbox.ch>wrote:
> Package: php5-common
> Version: 5.3.3-7+squeeze3
> Severity: serious
> Tags: security
> X-Debbugs-CC: secure-testing-team at lists.**alioth.debian.org<secure-testing-team at lists.alioth.debian.org>
> --- Please enter the report below this line. ---
> When i try to update php5-common and related packages, from Version:
> 5.3.3-7+squeeze3 to 5.3.3-7+squeeze7, i get the following info: WARNING:
> terminal is not fully functional/tmp/tmpcnqGaJ (press RETURN).
> After pressing return, the following is displayed:
> php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high * The following
> new directives were added as part of security fixes: - max_input_vars -
> specifies how many GET/POST/COOKIE input variables may be accepted.
> Default value is set to 1000. - xsl.security_prefs - define forbidden
> operations within XSLT stylesheets. Write operations are now disabled
> by default.
> -- Ond?ej Sur? <ondrej at debian.org> Mon, 23 Jan 2012 12:22:26 +0100
> php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low * Updated blowfish
> crypt() algorithm fixes the 8-bit character handling vulnerability
> (CVE-2011-2483) and adds more self-tests. Unfortunately this change is
> incompatible with some old (wrong) generated hashes for passwords
> containing 8-bit characters. Therefore the new salt prefix '$2x$' was
> introduced which can be used as a replacement for '$2a$' salt prefix in
> the password database in case the incompatibility is found.
> -- Ond?ej Sur? <ondrej at debian.org> Mon, 04 Jul 2011 10:31:16
> +0200/tmp/tmp2PNfKm (END)
> The terminal hangs and nothing is udated.
> Same with apt and synaptic.
> --- System information. ---
> Architecture: amd64
> Kernel: Linux 2.6.32-5-amd64
> Debian Release: 6.0.4
> 500 stable-updates mirror.switch.ch
> 500 stable security.debian.org
> 500 stable mirror.switch.ch
> --- Package information. ---
> Depends (Version) | Installed
> sed (>= 4.1.1-1) | 4.2.1-7
> libc6 (>= 2.4) | 2.11.3-2
> Recommends (Version) | Installed
> php5-suhosin | 0.9.32.1-1
> Package's Suggests field is empty.
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.**debian.org<pkg-php-maint at lists.alioth.debian.org>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the pkg-php-maint