[php-maint] Re: packages for sarge?

Martin Schulze joey at infodrom.org
Wed Aug 24 16:51:47 UTC 2005


Zoran Dzelajlija wrote:
> CC-ing the security team as suggested on #debian.
> 
> Explanation: this security related bug in XML_RPC, part of php4-pear
> package, has been closed by an upload to unstable, but the version in
> sarge is still affected.
> 
> Quoting Zoran Dzelajlija (jelly at srce.hr):
> > Hi, any word of a sarge release to cover CAN-2005-1921 and, to kill two
> > flies, the new XML_RPC bug CAN-2005-2498?  I've applied Ubuntu's
> > patches for both to a local build without much hassle...
> > 
> > Also, is there some user-friendly documentation aobut the new BTS
> > features (found vs. tagging for sarge)?  Should this bug be reopened
> > until sarge gets a fix for these vulnerabilities?

Are you able to extract a clean patch to fix the problem?  We may
also need to update oldstable at the same time.

Regards,

	Joey

-- 
It's time to close the windows.



More information about the pkg-php-maint mailing list