Re: [php-maint] Bug#603751: Three more security issues

To: Ondřej Surý <ondrej@debian.org>
Cc: Moritz Muehlenhoff <jmm@debian.org>, 603751@bugs.debian.org, debian-release@lists.debian.org, "Adam D. Barratt" <adam@adam-barratt.org.uk>
Subject: Re: [php-maint] Bug#603751: Three more security issues
From: Moritz Muehlenhoff <jmm@inutil.org>
Date: Wed, 17 Nov 2010 21:06:53 +0100
Message-id: <[🔎] 20101117200653.GB20394@inutil.org>
In-reply-to: <[🔎] AANLkTimJUhhHfofweHrJUJbo-dMjp+W-tfDtZ0pSAuHS@mail.gmail.com>
References: <20101116223047.4481.49055.reportbug@localhost.localdomain> <[🔎] AANLkTimJUhhHfofweHrJUJbo-dMjp+W-tfDtZ0pSAuHS@mail.gmail.com>

On Wed, Nov 17, 2010 at 10:05:35AM +0100, Ondřej Surý wrote:
> Hi Moritz, Adam,
> 
> thanks for heads up. I have cherry-picked fixes and they are in php
> git. Do you need any help with backporting those to lenny? 

Raphael usually takes care of php5 for Lenny. IIRC there're a
lenny-branch in php-pkg svn, so you could already commit them.

> Meanwhile I thought it might be a good idea to went through svn log
> and I have found some more issues we might think about fixing
> (basically I went through the log and have checked all crashes,
> segfaults and leaks). The fixes below are small, self-contained and I
> have hand checked them all for sanity. There's even one CVE in
> openbasedir which we have not catched before.

open_basedir violations are not treated as security issues, see
README.Debian.security.

Cheers,
        Moritz

Reply to:

References:
- Re: [php-maint] Bug#603751: Three more security issues
  - From: Ondřej Surý <ondrej@debian.org>

Prev by Date: Bug#603838: unblock: strongswan/4.4.1-5.1
Next by Date: Bug#603843: unblock: debsums/2.0.48+nmu2
Previous by thread: Re: [php-maint] Bug#603751: Three more security issues
Next by thread: Re: [php-maint] Bug#603751: Three more security issues
Index(es):
- Date
- Thread