Bug#316447: [php-maint] Bug#316447: packages for sarge?

Zoran Dzelajlija jelly at srce.hr
Tue Aug 23 12:20:41 UTC 2005

Tags: sarge security

Quoting Steve Langasek (vorlon at debian.org):
> On Mon, Aug 22, 2005 at 08:11:27PM +0200, Zoran Dzelajlija wrote:
> > Hi, any word of a sarge release to cover CAN-2005-1921 and, to kill two
> > flies, the new XML_RPC bug CAN-2005-2498?  I've applied Ubuntu's
> > patches for both to a local build without much hassle...
> If you can provide me a direct URL for the Ubuntu security patches, I can
> probably find time to roll an update for the security team if Adam's busy.

Patches for XML_RPC, CAN-2005-1921 and CAN-2005-2498 can be found in for example


(note that their patching is done in debian/rules after make install-pear)

There's also a patch for a minor shtool vulnerability (CAN-2005-1751,
CAN-2005-1759, insecure use of temporary files, the thing comes with
php4-dev), but interestingly not in the above package, but in the other:


> > Also, is there some user-friendly documentation aobut the new BTS
> > features (found vs. tagging for sarge)?
> No, there doesn't seem to be any user-friendly documentation yet, just the
> information that was posted to debian-devel-announce. :)

Eh.  Should I file bugs for the bugs.debian.org or something? ;-)

> It should not be reopened.  It should be tagged "sarge", as I'm told the
> suite tags will have an impact on archival of bugs.



More information about the pkg-php-maint mailing list