Re: [php-maint] php5 testing transition
On 05/08/2012 06:30 PM, Ondřej Surý wrote:
> On Mon, May 7, 2012 at 10:02 AM, Thijs Kinkhorst <firstname.lastname@example.org> wrote:
>> On Sun, May 6, 2012 10:00, Thijs Kinkhorst wrote:
>>> On Sat, May 5, 2012 20:49, Adam D. Barratt wrote:
>>>> On Sat, 2012-05-05 at 20:39 +0200, Ondrej Sury wrote:
>>>>>> For some reason I had it in my head that 5.4.2 was the upstream
>>>>>> with the fixed fix rather than the not-quite fixed fix.
>>>>> I think this is the case (e.g. 5.4.2 is the fixed version).
>>>> I assume Thijs was referring to CVE-2012-2311, which covers the fix in
>>>> 5.4.2 being incomplete.
>>> PHP 5.4.2 does not fix the issue.
>> PHP upstream has now announced new releases for tomorrow, which also fix
>> another security issue:
>> It would be great if we could get that into unstable swiftly and then
>> start the migration process.
> I am building security update for squeeze right now and will release
> 5.4.3 for unstable
> when it's released (there's some apache handler vulnerability from 5.4.1).
What's the status of the reverse dependencies of PHP 5.4? I've done
quite a few NMU to fix them, but I have to admit that I'm a bit lost at
what's remaining to fix. Ondrej, can you tell, so that I can have a go
on fixing reverse dependencies?
How have you been running the archive-wide tests? By installing all
reverse dependencies and running php -l on all of them? Would it make
sense to have this run once more with the updated packages, and publish
the list of broken packages here again?