Re: [php-maint] Freeze exception: php5
Hi Adam,
> After further discussion, and looking at the security issues which
> upstream acknowledge being fixed in 5.3.3, please go ahead with the
> upload to unstable. I'm undecided yet whether to age the upload (and if
> so by how much) but an earlier upload has more chance of being unblocked
> earlier. :-)
I am uploading 5.3.3-2 right now. I have fixed a couple of regressions
and cherry-picked one more CVE.
Here's the full changelog (unfortunatelly I have forgotten to sync
changelog with git, so 5.3.3-2 doesn't have a full log), so I am going
to build 5.3.3-3 with full list of changes.
I have disabled FPM SAPI, so it doesn't introduce any "new" code. FPM
SAPI will be enabled in next stable.
php5 (5.3.3-3) unstable; urgency=low
* Set explicit error level to hide warnings on systems with modified
php.ini (Closes: #590485)
* Apply patch to fix loading of extensions without [PHP] section
(Closes: #595761)
* Set session.gc_probability back to 0 (Closes: #595706)
* Update PHP5 description to not include references to C, Java and
Perl (Closes: #351032)
-- Ondřej Surý <ondrej@debian.org> Thu, 21 Oct 2010 16:57:53 +0200
php5 (5.3.3-2) unstable; urgency=low
* Upload 5.3.3 to unstable
+ Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866,
CVE-2010-2531, CVE-2010-3065.
* Don't build FPM SAPI now
* Bump standards version to 3.9.1
* Synchronize system crypt patch
* Cherry pick upstream fix for format vulnerability in phar/stream.c
+ Fixes CVE-2010-2950.
-- Ondřej Surý <ondrej@debian.org> Thu, 21 Oct 2010 16:57:53 +0200
Ondrej
--
Ondřej Surý <ondrej@sury.org>
http://blog.rfc1925.org/
Reply to: