Your message dated Thu, 6 Jan 2011 14:18:46 +0100
with message-id <20110106131846.GN2813@radis.liafa.jussieu.fr>
and subject line Re: Bug#609007: unblock: php5/5.3.3-7
has caused the Debian Bug report #609007,
regarding unblock: php5/5.3.3-7
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
609007: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609007
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: php5/5.3.3-7
- From: Ondřej Surý <ondrej@debian.org>
- Date: Wed, 05 Jan 2011 13:15:32 +0100
- Message-id: <20110105121532.2271.53012.reportbug@localhost6.localdomain6>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package php5

New upload fixes one CVE, one remote DoS (infinite loop which will probably get a CVE as well) and several fixes for segfaults and memory leaks cherry picked from upstream SVN.

The diffstat looks quite small with exception of memory-leak-inside-highlight_string because the patched file is autogenerated and contains lots of:

-#line 1014 "Zend/zend_language_scanner.c"
+#line 1024 "Zend/zend_language_scanner.c"

changes.

Here's the diffstat for php5_5.3.3-6 php5_5.3.3-7

 debian/patches/CVE-2010-4150.patch | 15
 debian/patches/do-not-overwrite-GLOBALS-and-this.patch | 43
 debian/patches/fix-crash-if-aa-steps-are-invalid.patch | 14
 debian/patches/fix-crash-with-entity-declarations-in-simplexml.patch | 41
 debian/patches/fix-for-NULL-deref-in-zend_language_scanner.patch | 13
 debian/patches/fix-infinite-loop-with-x87-cpu.patch | 24
 debian/patches/fix-integer-overflow-in-SdnToJulian.patch | 90
 debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch | 61
 debian/patches/fix-leaks-and-crash-bug-when-passing-the-callback-as-variable.patch | 11
 debian/patches/fix-memory-leak-inside-highlight_string.patch | 2571 ++++++++++
 debian/patches/fix-segfault-in-pgsql_stmt_execute-when-postgres-is-down.patch | 11
 debian/patches/fix-segfault-when-extending-SplFixedArray.patch | 40
 debian/patches/fix-segfault-when-node-is-NULL-in-simplexml.patch | 11
 debian/patches/fix-segfault-when-using-several-cloned-intl-objects.patch | 130
 debian/patches/fix-sqlite3-columnName-segfaults-on-bad-column_number.patch | 57
 php5-5.3.3/debian/README.source | 6
 php5-5.3.3/debian/changelog | 25
 php5-5.3.3/debian/patches/series | 15
 18 files changed, 3178 insertions(+)

unblock php5/5.3.3-7

-- System Information:
Debian Release: squeeze/sid
  APT prefers maverick-updates
  APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500, 'maverick-proposed'), (500, 'maverick-backports'), (500, 'maverick')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.35-24-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
- To: Ondřej Surý <ondrej@debian.org>, 609007-done@bugs.debian.org
- Subject: Re: Bug#609007: unblock: php5/5.3.3-7
- From: Julien Cristau <jcristau@debian.org>
- Date: Thu, 6 Jan 2011 14:18:46 +0100
- Message-id: <20110106131846.GN2813@radis.liafa.jussieu.fr>
- In-reply-to: <20110105121532.2271.53012.reportbug@localhost6.localdomain6>
- References: <20110105121532.2271.53012.reportbug@localhost6.localdomain6>
On Wed, Jan 5, 2011 at 13:15:32 +0100, Ondřej Surý wrote:

> Please unblock package php5
>
Unblocked, and set urgency so it can migrate after 2 days instead of 10.

> New upload fixes one CVE, one remote DoS (infinite loop which will
> probably get a CVE as well) and several fixes for segfaults and memory

It got CVE-2010-4645.

> leaks cherry picked from upstream SVN.
>
> The diffstat looks quite small with exception of
> memory-leak-inside-highlight_string because the patched file is
> autogenerated and contains lots of:
>
> -#line 1014 "Zend/zend_language_scanner.c"
> +#line 1024 "Zend/zend_language_scanner.c"
>
It's also a bit confusing in that fix-for-NULL-deref-in-zend_language_scanner.patch changes the lex file but fix-memory-leak-inside-highlight_string.patch has the corresponding .c file change (along with the memory leak fix).

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature
--- End Message ---