[php-maint] php5 testing transition
Thomas Goirand
zigo at debian.org
Tue May 8 16:02:49 UTC 2012
On 05/08/2012 06:30 PM, Ondřej Surý wrote:
> On Mon, May 7, 2012 at 10:02 AM, Thijs Kinkhorst <thijs at debian.org> wrote:
>> On Sun, May 6, 2012 10:00, Thijs Kinkhorst wrote:
>>> On Sat, May 5, 2012 20:49, Adam D. Barratt wrote:
>>>> On Sat, 2012-05-05 at 20:39 +0200, Ondrej Sury wrote:
>>>>>> For some reason I had it in my head that 5.4.2 was the upstream
>>>>> version
>>>>>> with the fixed fix rather than the not-quite fixed fix.
>>>>>
>>>>> I think this is the case (e.g. 5.4.2 is the fixed version).
>>>>
>>>> I assume Thijs was referring to CVE-2012-2311, which covers the fix in
>>>> 5.4.2 being incomplete.
>>>
>>> PHP 5.4.2 does not fix the issue.
>>
>> PHP upstream has now announced new releases for tomorrow, which also fix
>> another security issue:
>> http://www.php.net/archive/2012.php#id2012-05-06-1
>>
>> It would be great if we could get that into unstable swiftly and then
>> start the migration process.
>
> I am building security update for squeeze right now and will release
> 5.4.3 for unstable
> when it's released (there's some apache handler vulnerability from 5.4.1).
Hi,
What's the status of the reverse dependencies of PHP 5.4? I've done
quite a few NMU to fix them, but I have to admit that I'm a bit lost at
what's remaining to fix. Ondrej, can you tell, so that I can have a go
on fixing reverse dependencies?
How have you been running the archive-wide tests? By installing all
reverse dependencies and running php -l on all of them? Would it make
sense to have this run once more with the updated packages, and publish
the list of broken packages here again?
Cheers,
Thomas
More information about the pkg-php-maint
mailing list