[php-maint] Re: packages for sarge?

Steve Langasek vorlon at debian.org
Thu Aug 25 01:44:33 UTC 2005


On Wed, Aug 24, 2005 at 06:51:47PM +0200, Martin Schulze wrote:
> Zoran Dzelajlija wrote:
> > CC-ing the security team as suggested on #debian.

> > Explanation: this security related bug in XML_RPC, part of php4-pear
> > package, has been closed by an upload to unstable, but the version in
> > sarge is still affected.

> > Quoting Zoran Dzelajlija (jelly at srce.hr):
> > > Hi, any word of a sarge release to cover CAN-2005-1921 and, to kill two
> > > flies, the new XML_RPC bug CAN-2005-2498?  I've applied Ubuntu's
> > > patches for both to a local build without much hassle...

> > > Also, is there some user-friendly documentation about the new BTS
> > > features (found vs. tagging for sarge)?  Should this bug be reopened
> > > until sarge gets a fix for these vulnerabilities?

> Are you able to extract a clean patch to fix the problem?  We may
> also need to update oldstable at the same time.

I have a 4:4.3.10-16 for sarge here that includes cleanly separated patches
for the security bugs; packages will be available for download soon.
TTBOMK, woody did not include any XML_RPC PEAR code and so is not vulnerable
to those bugs, but I'll check it out to be sure.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/