Tags: sarge security Quoting Steve Langasek ([EMAIL PROTECTED]): > On Mon, Aug 22, 2005 at 08:11:27PM +0200, Zoran Dzelajlija wrote: > > Hi, any word of a sarge release to cover CAN-2005-1921 and, to kill two > > flies, the new XML_RPC bug CAN-2005-2498? I've applied Ubuntu's > > patches for both to a local build without much hassle... > > If you can provide me a direct URL for the Ubuntu security patches, I can > probably find time to roll an update for the security team if Adam's busy.
Patches for XML_RPC, CAN-2005-1921 and CAN-2005-2498 can be found in for example ftp://archive.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-universe_4.3.10-10ubuntu3.4.diff.gz (note that their patching is done in debian/rules after make install-pear) There's also a patch for a minor shtool vulnerability (CAN-2005-1751, CAN-2005-1759, insecure use of temporary files, the thing comes with php4-dev), but interestingly not in the above package, but in the other: ftp://archive.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.1.diff.gz > > Also, is there some user-friendly documentation aobut the new BTS > > features (found vs. tagging for sarge)? > > No, there doesn't seem to be any user-friendly documentation yet, just the > information that was posted to debian-devel-announce. :) Eh. Should I file bugs for the bugs.debian.org or something? ;-) > It should not be reopened. It should be tagged "sarge", as I'm told the > suite tags will have an impact on archival of bugs. Ok. Zoran -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]