PHP security upload not included in 6.0.9

To: Debian Release Mailing List <debian-release@lists.debian.org>
Cc: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Subject: PHP security upload not included in 6.0.9
From: Lior Kaplan <kaplan@debian.org>
Date: Mon, 17 Feb 2014 01:38:30 +0200
Message-id: <[🔎] CAEsznC6Tz+VhyseJ9BKNE0vbgNg_HaQZ8LWuvPj5xPxO9wq3JA@mail.gmail.com>

Dear release team,

I saw the happy notice about 6.0.9 release, and wondered why isn't php5 (5.3.3-7+squeeze18) part of this update (uploaded in December).

Also see this: http://qa.debian.org/madison.php?package=php5

The changes log (taken from the our VCS) has two CVEs:

* [CVE-2013-6420]: Fix memory corruption in openssl_x509_parse (Closes: #731895)
* [CVE-2013-6712] Fix heap buffer over-read in DateInterval (Closes: #731112)

Thanks,

Kaplan

Reply to:

Follow-Ups:
- Re: PHP security upload not included in 6.0.9
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Re: Bug#739079: transition: libav10
Next by Date: Re: PHP security upload not included in 6.0.9
Previous by thread: Bug#739185: pu: package automake1.9-nonfree/1.9.6-1.1~deb7u1
Next by thread: Re: PHP security upload not included in 6.0.9
Index(es):
- Date
- Thread