[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Freeze Exception for php-geshi

Dear release managers,

I'm GeSHi author Benny Baumann.

Recently there have been reports about two bugs in the currently
packaged version of php-geshi for testing ( that have both
been fixed in the latest version (as included in unstable, v1.0.8.1-1).

While the first bug allowed for code execution under rare conditions and
could be fixed quite easily, the second one allows for Denial of Service
attacks (from remote) while fixing that one would require much more
efforts as there have been lots of changes between that release and the
bugfix thus making locating a way to backport that particular issue

Thus I'm asking you if you could unlock the freeze for php-geshi to
allow upgrade to especially since that release also fixed a
lot of old highlighting issues.

Best regards,

Changes can be found at

Reply to: