[php-maint] Bug#658692: Bug#658692: Bug#658692: [php5-common]

Ondřej Surý ondrej at debian.org
Sun Feb 5 13:26:40 UTC 2012


reassign 658692 apt-listchanges
severity 658692 normal
thank you

Definitely not a bug in the php5. Reassigning to apt-listchanges (it tried to
output the contents of debian/NEWS file).

What was your environment when you tried to upgrade? Some unusual
configuration of the terminal/pager/etc.?

O.

On Sun, Feb 5, 2012 at 11:31, Lior Kaplan <kaplan at debian.org> wrote:
> Hi,
>
> The looks likes an output of apt-listchanges. Could you try and remove this
> package and update again the php package ?
>
> You've opened the bug at severity:serious, but it doesn't sounds like your
> php installation got broken by this message. Unless it's broken or not
> functional, we'll change this bug to severity:normal.
>
> Kaplan
>
>
> On Sun, Feb 5, 2012 at 11:10 AM, Jürg Hofmann <juerg.hofmann at postbox.ch>
> wrote:
>>
>> Package: php5-common
>> Version: 5.3.3-7+squeeze3
>> Severity: serious
>> Tags: security
>> X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
>>
>> --- Please enter the report below this line. ---
>>  When i try to update php5-common and related packages, from Version:
>> 5.3.3-7+squeeze3 to 5.3.3-7+squeeze7, i get the following info: WARNING:
>> terminal is not fully functional/tmp/tmpcnqGaJ  (press RETURN).
>> After pressing return, the following is displayed:
>>
>> php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high  * The following
>> new directives were added as part of security fixes:    - max_input_vars -
>> specifies how many GET/POST/COOKIE input variables      may be accepted.
>>  Default value is set to 1000.    - xsl.security_prefs - define forbidden
>> operations within XSLT      stylesheets.  Write operations are now disabled
>> by default.
>>
>>  -- Ond?ej Sur? <ondrej at debian.org>  Mon, 23 Jan 2012 12:22:26 +0100
>>
>> php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low  * Updated blowfish
>> crypt() algorithm fixes the 8-bit character handling    vulnerability
>> (CVE-2011-2483) and adds more self-tests.  Unfortunately    this change is
>> incompatible with some old (wrong) generated hashes for    passwords
>> containing 8-bit characters.  Therefore the new salt prefix    '$2x$' was
>> introduced which can be used as a replacement for '$2a$'    salt prefix in
>> the password database in case the incompatibility is    found.
>>
>>  -- Ond?ej Sur? <ondrej at debian.org>  Mon, 04 Jul 2011 10:31:16
>> +0200/tmp/tmp2PNfKm (END)
>>
>> The terminal hangs and nothing is udated.
>> Same with apt and synaptic.
>>
>> --- System information. ---
>> Architecture: amd64
>> Kernel: Linux 2.6.32-5-amd64
>>
>> Debian Release: 6.0.4
>> 500 stable-updates mirror.switch.ch
>> 500 stable security.debian.org
>> 500 stable mirror.switch.ch
>>
>> --- Package information. ---
>> Depends (Version) | Installed
>> ========================-+-=============
>> sed (>= 4.1.1-1) | 4.2.1-7
>> libc6 (>= 2.4) | 2.11.3-2
>>
>>
>> Recommends (Version) | Installed
>> ===========================-+-===========
>> php5-suhosin | 0.9.32.1-1
>>
>>
>> Package's Suggests field is empty.
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> pkg-php-maint mailing list
>> pkg-php-maint at lists.alioth.debian.org
>> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
>
>
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint



-- 
Ondřej Surý <ondrej at sury.org>





More information about the pkg-php-maint mailing list