On 03/03/2014 22:52, Bruce Dubbs wrote:
> Pierre Labastie wrote:
>> Hi,
>>
>> Two points, which I'd like to raise before the release:
>>
>> 1. MIT Kerberos:
>> You may remember that I had some difficulty with tests in MIT Kerberos. I
>> reported upstream and this led to the following two commits:
>> https://github.com/krb5/krb5/commit/26d874412983c4c9979a9f5e7bec51834ad4cda5
>> https://github.com/krb5/krb5/commit/dba768e873d3ae34cfb2ff9d9c2d3644981f23a5
>>
>> I do not know whether it may be considered a security issue, but since it
>> makes the database code loop forever, I guess it could...
>>
>> If you are OK, I can make a patch and update the instructions.
>
> Absolutely. Please do that.
>
>> 2. PHP fileinfo extension:
>> An issue has been discovered in the libmagic code
>> (https://security-tracker.debian.org/tracker/CVE-2014-1943).
>> See also http://mx.gw.com/pipermail/file/2014/001327.html
>>
>> It is corrected in file 5.17, but PHP ships a modified version of libmagic,
>> which is also affected. It is used in the fileinfo extension. Upstream has
>> corrected this on Feb 18, so after the last stable release. See the commit
>> at:
>> http://git.php.net/?p=php-src.git;a=commitdiff;h=89f864c547014646e71862df3664e3ff33d7143d
>> (put on one line)
>>
>> I have not had time to investigate more. Is fileinfo extension built in our
>> build?
>
> I haven't built php lately, but from my log of an older version, I'd say
> yes.
>
> -- Bruce
>

Shall make both patches, and update instructions tomorrow (getting late here), while you'll be sleeping on the other side of the pond...

Pierre