Freeze Exception for php-geshi

To: debian-release@lists.debian.org
Subject: Freeze Exception for php-geshi
From: Bennz Baumann <BenBE@geshi.org>
Date: Thu, 13 Nov 2008 03:16:20 +0100
Message-id: <491B8DF4.8060008@geshi.org>

Dear release managers,

I'm GeSHi author Benny Baumann.

Recently there have been reports about two bugs in the currently
packaged version of php-geshi for testing (1.0.7.22-1) that have both
been fixed in the latest version (as included in unstable, v1.0.8.1-1).

While the first bug allowed for code execution under rare conditions and
could be fixed quite easily, the second one allows for Denial of Service
attacks (from remote) while fixing that one would require much more
efforts as there have been lots of changes between that release and the
bugfix thus making locating a way to backport that particular issue
complecated.

Thus I'm asking you if you could unlock the freeze for php-geshi to
allow upgrade to 1.0.8.1-1 especially since that release also fixed a
lot of old highlighting issues.

Best regards,
BenBE.

Changes can be found at
http://geshi.svn.sourceforge.net/viewvc/geshi/tags/RELEASE_1_0_8_1/geshi-1.0.X/src/docs/CHANGES?revision=1926&view=markup
or
https://geshi.svn.sourceforge.net/svnroot/geshi/tags/RELEASE_1_0_8_1/geshi-1.0.X/src/docs/CHANGES

Reply to:

Follow-Ups:
- Re: Freeze Exception for php-geshi
  - From: Marc 'HE' Brockschmidt <he@ftwca.de>

Prev by Date: ikiwiki 1.33.6 / 2.53
Next by Date: Re: Upload of inkscape_0.46-3 to t-p-u ? (was Re: [inkscape] Impossible to change font if ttf-bitstream-vera is not installed.)
Previous by thread: Re: ikiwiki 1.33.6 / 2.53
Next by thread: Re: Freeze Exception for php-geshi
Index(es):
- Date
- Thread