<div dir="ltr">Hi,<br><br>The looks likes an output of apt-listchanges. Could you try and remove this package and update again the php package ?<br><br>You've opened the bug at severity:serious, but it doesn't sounds like your php installation got broken by this message. Unless it's broken or not functional, we'll change this bug to severity:normal.<br>
<br>Kaplan<br><br><br><div class="gmail_quote">On Sun, Feb 5, 2012 at 11:10 AM, Jürg Hofmann <span dir="ltr"><<a href="mailto:juerg.hofmann@postbox.ch">juerg.hofmann@postbox.ch</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Package: php5-common<br>
Version: 5.3.3-7+squeeze3<br>
Severity: serious<br>
Tags: security<br>
X-Debbugs-CC: <a href="mailto:secure-testing-team@lists.alioth.debian.org" target="_blank">secure-testing-team@lists.<u></u>alioth.debian.org</a><br>
<br>
--- Please enter the report below this line. ---<br>
When i try to update php5-common and related packages, from Version: 5.3.3-7+squeeze3 to 5.3.3-7+squeeze7, i get the following info: WARNING: terminal is not fully functional/tmp/tmpcnqGaJ (press RETURN).<br>
After pressing return, the following is displayed:<br>
<br>
php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high * The following new directives were added as part of security fixes: - max_input_vars - specifies how many GET/POST/COOKIE input variables may be accepted. Default value is set to 1000. - xsl.security_prefs - define forbidden operations within XSLT stylesheets. Write operations are now disabled by default.<br>
<br>
-- Ond?ej Sur? <<a href="mailto:ondrej@debian.org" target="_blank">ondrej@debian.org</a>> Mon, 23 Jan 2012 12:22:26 +0100<br>
<br>
php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low * Updated blowfish crypt() algorithm fixes the 8-bit character handling vulnerability (CVE-2011-2483) and adds more self-tests. Unfortunately this change is incompatible with some old (wrong) generated hashes for passwords containing 8-bit characters. Therefore the new salt prefix '$2x$' was introduced which can be used as a replacement for '$2a$' salt prefix in the password database in case the incompatibility is found.<br>
<br>
-- Ond?ej Sur? <<a href="mailto:ondrej@debian.org" target="_blank">ondrej@debian.org</a>> Mon, 04 Jul 2011 10:31:16 +0200/tmp/tmp2PNfKm (END)<br>
<br>
The terminal hangs and nothing is udated.<br>
Same with apt and synaptic.<br>
<br>
--- System information. ---<br>
Architecture: amd64<br>
Kernel: Linux 2.6.32-5-amd64<br>
<br>
Debian Release: 6.0.4<br>
500 stable-updates <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a><br>
500 stable <a href="http://security.debian.org" target="_blank">security.debian.org</a><br>
500 stable <a href="http://mirror.switch.ch" target="_blank">mirror.switch.ch</a><br>
<br>
--- Package information. ---<br>
Depends (Version) | Installed<br>
========================-+-===<u></u>==========<br>
sed (>= 4.1.1-1) | 4.2.1-7<br>
libc6 (>= 2.4) | 2.11.3-2<br>
<br>
<br>
Recommends (Version) | Installed<br>
===========================-+-<u></u>===========<br>
php5-suhosin | 0.9.32.1-1<br>
<br>
<br>
Package's Suggests field is empty.<br>
<br>
<br>
<br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
pkg-php-maint mailing list<br>
<a href="mailto:pkg-php-maint@lists.alioth.debian.org" target="_blank">pkg-php-maint@lists.alioth.<u></u>debian.org</a><br>
<a href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint" target="_blank">http://lists.alioth.debian.<u></u>org/cgi-bin/mailman/listinfo/<u></u>pkg-php-maint</a><br>
</blockquote></div><br></div>