[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#497871: php-suhosin: please package suhosin 0.9.27 and try to get it in lenny

Jan Wagner wrote:
> Dear Release Team,
> 
> as Raphael already asked, is there a chance for such an update?

0.9.24 is in unstable and testing and below diffstat doesn't look
promissing. Though please point me to an actual diff to have a look if
it's worth it.

Cheers

Luk

> On Friday 05 September 2008, Raphael Geissert wrote:
>> Since version 0.9.26 there are several enhancements that would help avoid
>> some attacks on poorly written applications.
>>
>> Relevant changelog since current version in unstable:
>>
>> * Changed PHP default POST handler to PHP’s current handler
>> * Fixed problem with suhosin.perdir
>> * Fixed problems with ext/uploadprogress
>> * Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)
>> * Modified rand()/srand() to use the Mersenne Twister algorithm with
>> separate state
>> * Added better internal seeding of rand() and mt_rand()
> 
> here are the diffstats for changes upstream:
> 
>  Changelog      |   20 ++
>  execute.c      |  386 
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
>  php_suhosin.h  |   20 ++
>  post_handler.c |   65 +++++----
>  rfc1867.c      |   17 ++
>  suhosin.c      |    9 -
>  6 files changed, 478 insertions(+), 39 deletions(-)
> 
> Many thanks for having a look and with kind regards, Jan.
Reply to: