Control: retitle -1 stretch-pu: package phpunit/5.4.6-2~deb9u1 Control: tag -1 moreinfo Hi David, David Prévot <taffit@debian.org> (2017-06-28): > Please, allow this patched version of phpunit, built and tested in a > Stretch environment, fixing an arbitrary PHP code execution via HTTP > POST [CVE-2017-9841], aka #866200. As discussed with the security team, > PHPUnit should not be available on a production server, even less > publicly accessible (so we’d prefer to pass on a proper DSA), yet, we’d > prefer not to let such a big flaw available, so please, accept it in the > next stable update. Stretch is Debian 9. :) Please post an updated source debdiff with the proper version number for a last look before an ACK for the upload. KiBi.
Attachment:
signature.asc
Description: Digital signature