Re: [php-maint] php5 testing transition

On 05/08/2012 06:30 PM, Ondřej Surý wrote:
> On Mon, May 7, 2012 at 10:02 AM, Thijs Kinkhorst <thijs@debian.org> wrote:
>> On Sun, May 6, 2012 10:00, Thijs Kinkhorst wrote:
>>> On Sat, May 5, 2012 20:49, Adam D. Barratt wrote:
>>>> On Sat, 2012-05-05 at 20:39 +0200, Ondrej Sury wrote:
>>>>>> For some reason I had it in my head that 5.4.2 was the upstream version
>>>>>> with the fixed fix rather than the not-quite fixed fix.
>>>>> I think this is the case (e.g. 5.4.2 is the fixed version).
>>>> I assume Thijs was referring to CVE-2012-2311, which covers the fix in
>>>> 5.4.2 being incomplete.
>>> PHP 5.4.2 does not fix the issue.
>> PHP upstream has now announced new releases for tomorrow, which also fix
>> another security issue:
>> http://www.php.net/archive/2012.php#id2012-05-06-1
>> It would be great if we could get that into unstable swiftly and then
>> start the migration process.
> I am building a security update for squeeze right now and will release
> 5.4.3 for unstable when it's released (there's some apache handler
> vulnerability from 5.4.1).


What's the status of the reverse dependencies of PHP 5.4? I've done
quite a few NMUs to fix them, but I have to admit that I'm a bit lost as
to what's remaining to fix. Ondrej, can you tell, so that I can have a go
at fixing reverse dependencies?

How have you been running the archive-wide tests? By installing all
reverse dependencies and running php -l on all of them? Would it make
sense to have this run once more with the updated packages, and publish
the list of broken packages here again?


