Hi,

Two points, which I'd like to raise before the release:

1. MIT Kerberos:
You may remember that I had some difficulty with tests in MIT Kerberos. I
reported upstream and this led to the following two commits:
https://github.com/krb5/krb5/commit/26d874412983c4c9979a9f5e7bec51834ad4cda5
https://github.com/krb5/krb5/commit/dba768e873d3ae34cfb2ff9d9c2d3644981f23a5

I do not know whether it may be considered a security issue, but since it
makes the database code loop forever, I guess it could...

If you are OK, I can make a patch and update the instructions.

2. PHP fileinfo extension:
An issue has been discovered in the libmagic code
(https://security-tracker.debian.org/tracker/CVE-2014-1943).
See also http://mx.gw.com/pipermail/file/2014/001327.html

It is corrected in file 5.17, but PHP ships a modified version of libmagic,
which is also affected. It is used in the fileinfo extension. Upstream has
corrected this on Feb 18, so after the last stable release. See the commit at:
http://git.php.net/?p=php-src.git;a=commitdiff;h=89f864c547014646e71862df3664e3ff33d7143d
(put on one line)

I have not had time to investigate more. Is the fileinfo extension built in our
build?

Pierre
