Pierre Labastie wrote: > Hi, > > Two points, which I'd like to raise before the release: > > 1. MIT Kerberos: > You may remember that I had some difficulty with tests in MIT Kerberos. I > reported upstream and this lead to the following two commits: > https://github.com/krb5/krb5/commit/26d874412983c4c9979a9f5e7bec51834ad4cda5 > https://github.com/krb5/krb5/commit/dba768e873d3ae34cfb2ff9d9c2d3644981f23a5 > > I do not know whether it may be considered a security issue, but since it > makes the database code loop forever, I guess it could... > > If you are OK, I can make a patch and update the instructions.
Absolutely. Please do that. > 2. PHP fileinfo extension: > An issue has been discovered in the libmagic code > (https://security-tracker.debian.org/tracker/CVE-2014-1943). > See also http://mx.gw.com/pipermail/file/2014/001327.html > > It is corrected in file 5.17, but PHP ships a modified version of libmagic, > which is also affected. It is used in the fileinfo extension. Upstream has > corrected this on Feb 18, so after the last stable release. See the commit at: > http://git.php.net/?p=php-src.git;a=commitdiff;h=89f864c547014646e71862df3664e3ff33d7143d > (put on one line) > > I have not had time to investigate more. Is fileinfo extension built in our > build? I haven't built php lately, but from my log of an older version, I'd say yes. -- Bruce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
