Re: php vulnerability
In gmane.linux.debian.devel.security, Torge Szczepanek wrote:
> The last Samba problems couldn't easily be adapted to "older" versions
> like 3.0.5. I got many rejects there when trying to build a new
> package for Adamantix (based on Debian), when using the official
> Samba patch. I didn't finish this security package yet...

The official Samba patch against 3.0.9 is close to a new upstream
release and not specific to the vulnerability reported by iDefense.
If you only want to prevent the exploit situation, have a look at
#286023.

KDE is much worse. While in the past they issued patches for
several older branches as well, the last three incidents (Kfax
libtiff overflow, Konqueror window injection and Konqueror Java
isolation) only covered 3.2 and 3.3. The kfax vuln especially
is very hard to backport; if anyone has backports for 3.1, please
tell me where I can find them!

> It came to my mind that one maybe should concentrate the efforts of
> people working on such security backports in one central repository.
> That might really help to support older software and concentrate the
> work on security updates of all different flavours of Linux/BSD/...
> whatever.

A lot of these can be found on Bugtraq, when the vendors issue their
advisories, but I agree that a central place sounds very nice.

Cheers,
Moritz