Bug#410561: [php-maint] Bug#410561: php5: multiple security issues fixed in php 5.2.1

2007-02-11 Thread sean finney
hey guys,

i should have some time to put forward on this starting wednesday or so.
i believe the folks at redhat are also in our position wrt php4 and have
been independently working on digging up the packages, so i threw
an email to the guy doing it.  hopefully that'll lower the burden just a
bit.


sean




Bug#410561: [php-maint] Bug#410561: php5: multiple security issues fixed in php 5.2.1

2007-02-11 Thread Steve Langasek
On Sun, Feb 11, 2007 at 10:01:22PM +0100, Ondřej Surý wrote:
> Oh my goddess :-(

> > PHP 5.2.1 fixes some security problems. See

> > http://www.php.net/releases/5_2_1.php
> > http://secunia.com/advisories/24089/

> Seems there is a lot of stack and buffer overflows fixed.
> Unfortunately our lovely PHP upstream maintainers bundled
> a lot of stuff into 5.2.1 as well including changes in default
> behaviour.  I would love to have 5.2.1 in etch, but I am prepared to go
> cherry picking.

> Steve, what's your opinion?  Cesspool will remain cesspool, so I don't
> see a big difference between 5.2.0 and 5.2.1 in terms of bugginess.

Well, as you mention changes to default behavior, the difference is the
impact that such changes would have on other apps that depend on the current
behavior.  So I'm afraid this needs to be handled in a way that we get the
security fixes without whatever random changes upstream has decided to make.

-- 
Steve Langasek   Give me a lever long enough and a Free OS
Debian Developer   to set it on, and I can move the world.
[EMAIL PROTECTED]   http://www.debian.org/



Bug#410561: [php-maint] Bug#410561: php5: multiple security issues fixed in php 5.2.1

2007-02-11 Thread Ondřej Surý
Oh my goddess :-(

> PHP 5.2.1 fixes some security problems. See
> 
> http://www.php.net/releases/5_2_1.php
> http://secunia.com/advisories/24089/

Seems there is a lot of stack and buffer overflows fixed.
Unfortunately our lovely PHP upstream maintainers bundled
a lot of stuff into 5.2.1 as well including changes in default
behaviour.  I would love to have 5.2.1 in etch, but I am prepared to go
cherry picking.

Steve, what's your opinion?  Cesspool will remain cesspool, so I don't
see a big difference between 5.2.0 and 5.2.1 in terms of bugginess.

> PHP 4.4 is affected by at least some of the issues, too.

That troubles me :-(((, since new php4 is not available.

Ondrej.
-- 
Ondřej Surý <[EMAIL PROTECTED]>  ***  http://blog.rfc1925.org/
Kulturní občasník  ***  http://www.obcasnik.cz/





Bug#410561: php5: multiple security issues fixed in php 5.2.1

2007-02-11 Thread Stefan Fritsch
Package: php5
Version: 5.2.0-8
Severity: grave
Tags: security
Justification: user security hole


PHP 5.2.1 fixes some security problems. See

http://www.php.net/releases/5_2_1.php
http://secunia.com/advisories/24089/

PHP 4.4 is affected by at least some of the issues, too.

