Bug#316447: [php-maint] Bug#316447: packages for sarge?
Zoran Dzelajlija
jelly at srce.hr
Tue Aug 23 12:20:41 UTC 2005
Tags: sarge security
Quoting Steve Langasek (vorlon at debian.org):
> On Mon, Aug 22, 2005 at 08:11:27PM +0200, Zoran Dzelajlija wrote:
> > Hi, any word of a sarge release to cover CAN-2005-1921 and, to kill two
> > flies, the new XML_RPC bug CAN-2005-2498? I've applied Ubuntu's
> > patches for both to a local build without much hassle...
>
> If you can provide me a direct URL for the Ubuntu security patches, I can
> probably find time to roll an update for the security team if Adam's busy.
Patches for XML_RPC, CAN-2005-1921 and CAN-2005-2498 can be found in for example
ftp://archive.ubuntu.com/ubuntu/pool/universe/p/php4-universe/php4-universe_4.3.10-10ubuntu3.4.diff.gz
(note that their patching is done in debian/rules after make install-pear)
There's also a patch for a minor shtool vulnerability (CAN-2005-1751,
CAN-2005-1759, insecure use of temporary files, the thing comes with
php4-dev), but interestingly not in the above package, but in the other:
ftp://archive.ubuntu.com/ubuntu/pool/main/p/php4/php4_4.3.10-10ubuntu4.1.diff.gz
> > Also, is there some user-friendly documentation aobut the new BTS
> > features (found vs. tagging for sarge)?
>
> No, there doesn't seem to be any user-friendly documentation yet, just the
> information that was posted to debian-devel-announce. :)
Eh. Should I file bugs for the bugs.debian.org or something? ;-)
> It should not be reopened. It should be tagged "sarge", as I'm told the
> suite tags will have an impact on archival of bugs.
Ok.
Zoran
More information about the pkg-php-maint
mailing list