[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#866351: stretch-pu: package phpunit/5.4.6-2~deb8u1



Control: retitle -1 stretch-pu: package phpunit/5.4.6-2~deb9u1
Control: tag -1 moreinfo

Hi David,

David Prévot <taffit@debian.org> (2017-06-28):
> Please, allow this patched version of phpunit, built and tested in a
> Stretch environment, fixing an arbitrary PHP code execution via HTTP
> POST [CVE-2017-9841], aka #866200. As discussed with the security team,
> PHPUnit should not be available on a production server, even less
> publicly accessible (so we’d prefer to pass on a proper DSA), yet, we’d
> prefer not to let such a big flaw available, so please, accept it in the
> next stable update.

Stretch is Debian 9. :)

Please post an updated source debdiff with the proper version number for
a last look before an ACK for the upload.


KiBi.

Attachment: signature.asc
Description: Digital signature


Reply to: