Re: Bug#497871: php-suhosin: please package suhosin 0.9.27 and try to get it in lenny
Jan Wagner wrote:
> Dear Release Team,
>
> as Raphael already asked, is there a chance for such an update?
0.9.24 is in unstable and testing and below diffstat doesn't look
promissing. Though please point me to an actual diff to have a look if
it's worth it.
Cheers
Luk
> On Friday 05 September 2008, Raphael Geissert wrote:
>> Since version 0.9.26 there are several enhancements that would help avoid
>> some attacks on poorly written applications.
>>
>> Relevant changelog since current version in unstable:
>>
>> * Changed PHP default POST handler to PHP’s current handler
>> * Fixed problem with suhosin.perdir
>> * Fixed problems with ext/uploadprogress
>> * Added suhosin.srand.ignore and suhosin.mt_srand.ignore (default: on)
>> * Modified rand()/srand() to use the Mersenne Twister algorithm with
>> separate state
>> * Added better internal seeding of rand() and mt_rand()
>
> here are the diffstats for changes upstream:
>
> Changelog | 20 ++
> execute.c | 386
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> php_suhosin.h | 20 ++
> post_handler.c | 65 +++++----
> rfc1867.c | 17 ++
> suhosin.c | 9 -
> 6 files changed, 478 insertions(+), 39 deletions(-)
>
> Many thanks for having a look and with kind regards, Jan.
Reply to: