hey folks, just fyi i'm uploading a couple php4 builds for stable/oldstable to the public security upload queue on klecker. check the changelogs below for more information on the details.

since php4 is no longer (or will soon no longer, depending on ftp-master) part
of unstable, there's no need for a fix in testing.

wrt php5, CVE-2007-1864 applies to it as well, so i'll need to prepare an
update, but there's also a second issue (CVE-2007-1399) which i need to
investigate first.

sean

php4 (4:4.3.10-22) oldstable-security; urgency=low

  * NMU prepared for the security team by the package maintainer.
  * The following security issue is addressed with this update:
    - CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library.
      (Thanks to Joe Orton from redhat for sharing the patch.)
    - CVE-2006-0207: HTTP response splitting vulnerabilities.
      This was reported to not affect this version of PHP, but it has
      been independently verified that it does (closes: #354683).
    - CVE-2006-4486: Int. overflows in memory mgmt code for 64bit
      architectures.

 -- sean finney <[EMAIL PROTECTED]>  Sat, 30 Jun 2007 15:42:26 +0200

php4 (6:4.4.4-8+etch4) stable-security; urgency=low

  * NMU prepared for the security team by the package maintainer.
  * The following security issue is addressed with this update:
    - CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library.
  * Thanks to Joe Orton from redhat for sharing the patch.

 -- sean finney <[EMAIL PROTECTED]>  Sat, 30 Jun 2007 14:42:42 +0200

_______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

