Hi, A new php5-5.4.4-14+deb7u12 was released without this fix. Would the fix be included in the next stable/updates version then?
Ryan On Mon, Jun 23, 2014 at 10:12:55AM +0200, Ondřej Surý wrote: > Hi Ryan, > > thanks for reporting the issue. We have an update queue in > stable-proposed-updates > right now with a bunch of upstream fixes that needs to be processed > first, so we don't > pile updates over updates. > > But I will merge fix for your issue into next s-p-u update, ok? > > Thanks, > Ondrej > > On Mon, Jun 23, 2014, at 04:56, Ryan Underwood wrote: > > Package: php5 > > Version: 5.4.4-14+deb7u11 > > Severity: important > > > > php5 stable version has a gaping memory leak in SSL handling which was > > fixed > > upstream. > > > > http://git.php.net/?p=php-src.git;a=commitdiff;h=0863a0d6a0f740874b4ef8dc732a4ec94949470c > > > > Without this patch, a process which makes repeated FTP-SSL connections > > will > > eventually consume all resources of the server, not limited by PHP's own > > memory_limit. > > > > -- System Information: > > Debian Release: 7.5 > > APT prefers stable-updates > > APT policy: (500, 'stable-updates'), (500, 'stable') > > Architecture: i386 (i686) > > > > Kernel: Linux 3.14-0.bpo.1-686-pae (SMP w/1 CPU core) > > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > > Shell: /bin/sh linked to /bin/bash > > > > Versions of packages php5 depends on: > > ii libapache2-mod-php5 5.4.4-14+deb7u11 > > ii php5-common 5.4.4-14+deb7u11 > > > > php5 recommends no packages. > > > > php5 suggests no packages. > > > > -- no debconf information > > > > _______________________________________________ > > pkg-php-maint mailing list > > pkg-php-ma...@lists.alioth.debian.org > > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint > > > -- > Ondřej Surý <ond...@sury.org> > Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server > -- Ryan C. Underwood, <neme...@icequake.net>
signature.asc
Description: Digital signature