Re: Wheezy update of libphp-adodb?
Thank you for your prompt response.
2016-09-09 20:25 GMT+02:00 Jean-Michel Vourgère (debian) <email@example.com>:
> On Debian, the affected php script is deployed as
> and NOT in a browser reachable location:
> It's not in /usr/share/php/adodb/ with the rest of the library and
> /usr/share/doc/ is no longer reachable since a long while, if I remember
> Upstream wrote:
>> As a workaround until hotfix is released, we recommend all users to remove
>> the whole ./tests directory; it is only used for development purposes and is
>> not necessary for normal ADOdb operations.
> So I don't think Debian even qualify as "vulnerable".
Agreed, the installed package is not vulnerable as installed.
> Sure, if you unzip the example test file and create a reachable script based on
> that, you will have a problem. Note that fixing the example on which you
> created your affected script will not immediately save you...
> I plan to work on packaging 5.20.6 (for sid) tomorrow I guess.
Thank you for taking care of that.
> Do you still think the update would be nice to have in wheezy-security?
I don't consider this a high priority issue either, but the package can be
updated with the proper example and a DLA can be issued to raise
attention of system administrators.
> On Friday 09 September 2016 01:17:03 Balint Reczey wrote:
>> Hello dear maintainer(s),
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of libphp-adodb:
>> Would you like to take care of this yourself?
>> If yes, please follow the workflow we have defined here:
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to firstname.lastname@example.org
>> (via a debdiff, or with an URL pointing to the source package,
>> or even with a pointer to your packaging repository), and the members
>> of the LTS team will take care of the rest. Indicate clearly whether you
>> have tested the updated package or not.
>> If you don't want to take care of this update, it's not a problem, we
>> will do our best with your package. Just let us know whether you would
>> like to review and/or test the updated package before it gets released.
>> You can also opt-out from receiving future similar emails in your
>> answer and then the LTS Team will take care of libphp-adodb updates
>> for the LTS releases. (In case we don't get any answer for months,
>> we may also take it as an opt-out, too.)
>> Thank you very much.
>> Balint Reczey,
>> on behalf of the Debian LTS team.
>> PS: A member of the LTS team might start working on this update at
>> any point in time. You can verify whether someone is registered
>> on this update in this file: