Bug#422405: Upstream PHP 5.2.2 Available
Package: php5
Version: 5.2.0-10

The PHP development team has released a new version of PHP 5 that fixes numerous security holes that affected both 5.2.0 and 5.2.1 (some of which I found no fixes for in the Debian packages).

The following has been resolved in PHP 5.2.2:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://www.php-security.org/MOPB/PMOPB-45-2007.html
http://www.php-security.org/MOPB/MOPB-34-2007.html
http://www.php-security.org/MOPB/MOPB-33-2007.html
http://www.php-security.org/MOPB/MOPB-29-2007.html
http://www.php-security.org/MOPB/MOPB-26-2007.html
http://www.php-security.org/MOPB/MOPB-24-2007.html
http://www.php-security.org/MOPB/MOPB-22-2007.html
http://www.php-security.org/MOPB/MOPB-21-2007.html
http://www.php-security.org/MOPB/MOPB-20-2007.html
http://www.php-security.org/MOPB/MOPB-14-2007.html
http://www.php-security.org/MOPB/MOPB-03-2007.html

Other fixes are available at:
http://www.php.net/ChangeLog-5.php#5.2.2

I would like these bugs to be taken very seriously, especially the ones at php-security.org, because they affect a great many web applications.
Bug#422405: [php-maint] Bug#422405: Upstream PHP 5.2.2 Available
hi,

On Sat, 2007-05-05 at 12:48 -0400, Alan LeVee wrote:
> The PHP development team has released a new version of PHP 5 that fixes
> numerous security holes that affected both 5.2.0 and 5.2.1 (some of which
> I found no fixes for in the Debian packages).

for the record, most/all of the unaddressed issues were either minor, non-issues (requiring a malicious user), or unsupported (i.e. safe-mode bypassing). if you feel otherwise you should address the issues specifically.

> I would like these bugs to be taken very seriously, especially the ones at
> php-security.org, because they affect a great many web applications.

i hope you've never been given the impression otherwise. we spent several weeks digging up and testing the fixes from php's cvs repositories for the latest security advisories, which is a difficult and thankless effort.

anyway, i've had an upload prepared since the day before yesterday, i'll upload it some time today.

sean