Bug#410561: [php-maint] Bug#410561: php5: multiple security issues fixed in php 5.2.1

Steve Langasek vorlon at debian.org
Mon Feb 12 03:37:29 UTC 2007


On Sun, Feb 11, 2007 at 10:01:22PM +0100, Ondřej Surý wrote:
> Oh my goddess :-(

> > PHP 5.2.1 fixes some security problems. See

> > http://www.php.net/releases/5_2_1.php
> > http://secunia.com/advisories/24089/

> Seems there are a lot of stack and buffer overflows fixed.
> Unfortunately our lovely PHP upstream maintainers bundled
> a lot of stuff into 5.2.1 as well including changes in default
> behaviour.  I would love to have 5.2.1 in etch, but I am prepared to go
> cherry picking.

> Steve, what's your opinion?  Cesspool will remain cesspool, so I don't
> see a big difference between 5.2.0 and 5.2.1 in terms of bugginess.

Well, as you mention changes to default behavior, the difference is the
impact that such changes would have on other apps that depend on the current
behavior.  So I'm afraid this needs to be handled in a way that we get the
security fixes without whatever random changes upstream has decided to make.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/



