[pkg-php-pear] Bug#866351: stretch-pu: package phpunit/5.4.6-2~deb8u1
David Prévot
taffit at debian.org
Thu Jun 29 03:35:26 UTC 2017
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org at packages.debian.org
Usertags: pu
Hi stable managers,
Please, allow this patched version of phpunit, built and tested in a
Stretch environment, fixing an arbitrary PHP code execution via HTTP
POST [CVE-2017-9841], aka #866200. As discussed with the security team,
PHPUnit should not be available on a production server, even less
publicly accessible (so we’d prefer to pass on a proper DSA), yet, we’d
prefer not to let such a big flaw available, so please, accept it in the
next stable update.
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phpunit.diff
Type: text/x-diff
Size: 2751 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20170628/2065791f/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20170628/2065791f/attachment.sig>
More information about the pkg-php-pear
mailing list