Bug#780424: Emedded ZendDb component affected by several security issues

2015-12-18 Thread Raphael Hertzog
Hi François-Régis, On Sat, 11 Jul 2015, François-Régis wrote: > I've tried to make galette use php-zend-db but didn't achieved yet to > successfully test it (I think my package is good but hosts on which I've > tested it are no sid ready...). > > I'll be unfortunately get off internet until

Bug#780424: Emedded ZendDb component affected by several security issues

2015-07-11 Thread François-Régis
Hi David, Thanks for your update, I was watching php-zend-db on new queue but missed the accepting. On 09/07/2015 18:31, David Prévot wrote: On Tue, Mar 17, 2015 at 02:18:40AM +0100, François-Régis wrote: This bug affects only unstable and will be fixed with #780422 fix. php-zend-db has

Bug#780424: Emedded ZendDb component affected by several security issues

2015-07-09 Thread David Prévot
Hi François-Régis, On Tue, Mar 17, 2015 at 02:18:40AM +0100, François-Régis wrote: This bug affects only unstable and will be fixed with #780422 fix. php-zend-db has just been accepted, so you can now properly depend on it for galette. I also pushed the latest version (2.5.1) of php-zend-db to

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-16 Thread François-Régis
tag -1 pending thanks This bug affects only unstable and will be fixed with #780422 fix. Cheers

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-16 Thread François-Régis
Hi Raphaël, On 16/03/2015 10:13, Raphael Hertzog wrote: On Sat, 14 Mar 2015, François-Régis wrote: But you need to act quickly as we are in deep freeze and galette is a leaf package that can quickly go away... Version of galette in jessie is 0.7.8+dfsg-1 and relies on zendframework (= 1.11)

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-16 Thread François-Régis
Hi David, Hi Raphaël, On 14/03/2015 14:23, David Prévot wrote: Do you think, in between, it's worth to make a package which removes the upstream embedded ZendDB and embeds a proper (let's say 2.3.6) version of it. That would be fine: you may just copy a recent ZendDB in place of the

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-16 Thread Raphael Hertzog
On Mon, 16 Mar 2015, François-Régis wrote: Version of galette in jessie is 0.7.8+dfsg-1 and relies on zendframework (= 1.11) as provided by debian. It should not be concerned by #780424. Do I miss something or do I need to do something to avoid its removal from jessie ? Oh, I missed that.

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-16 Thread François-Régis
Hi, On 16/03/2015 13:59, Raphael Hertzog wrote: On Mon, 16 Mar 2015, François-Régis wrote: As I've no experience on that sort of thing, would you mind to have a look at attached patch and tell me if: No, the package build should not rely on the network to download stuff to embed in the

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-16 Thread Raphael Hertzog
Hi François, On Sat, 14 Mar 2015, François-Régis wrote: Do you think, in between, it's worth to make a package which removes the upstream embedded ZendDB and embeds a proper (let's say 2.3.6) version of it. Yes, or alternatively apply only the security relevant patches that David mentioned. But

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-14 Thread David Prévot
Hi François-Régis, [ I shouldn’t reply to mail too late: I misunderstood your proposal… ] Do you think, in between, it's worth to make a package which removes the upstream embedded ZendDB and embeds a proper (let's say 2.3.6) version of it. That would be fine: you may just copy a recent ZendDB

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-13 Thread David Prévot
Package: galette Version: 0.8+dfsg-1 Severity: serious Tags: security upstream Hi, The galette package ships an embedded copy of ZendDb, but AFAICT, the version shipped (2.3.1) is affected by several security issues: CVE-2014-8089 and CVE-2015-0270 (aka ZF2014-06 and ZF2015-02). Shipping

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-13 Thread David Prévot
[Sorry about the charset mess on my (webmail) side] Believe me, I was not proud of that commit, but still hoping to have galette-8.0 in jessie, I didn't consider to package or ask for packaging ZendDB V2... Way too late for accepting a new package at this late state of the freeze

Bug#780424: Emedded ZendDb component affected by several security issues

2015-03-13 Thread François-Régis
Hi David, I've put Raphaël in cc as he is my Grand Master (and sponsor) on galette. On 13/03/2015 18:13, David Prévot wrote: Package: galette Version: 0.8+dfsg-1 Severity: serious Tags: security upstream The galette package ships an embedded copy of ZendDb, but AFAICT, the version