Freeze Exception for php-geshi
Dear release managers,
I'm GeSHi author Benny Baumann.
Recently there have been reports about two bugs in the currently
packaged version of php-geshi for testing (184.108.40.206-1) that have both
been fixed in the latest version (as included in unstable, v220.127.116.11-1).
While the first bug allowed for code execution under rare conditions and
could be fixed quite easily, the second one allows for Denial of Service
attacks (from remote) while fixing that one would require much more
efforts as there have been lots of changes between that release and the
bugfix thus making locating a way to backport that particular issue
Thus I'm asking you if you could unlock the freeze for php-geshi to
allow upgrade to 18.104.22.168-1 especially since that release also fixed a
lot of old highlighting issues.
Changes can be found at