[php-maint] Bug#410561: update on latest batch of CVE's for php

sean finney seanius at seanius.net
Thu Mar 1 20:38:01 CET 2007

hey ondrej,

On Thu, 2007-03-01 at 11:47 +0100, Ondřej Surý wrote:
> did you have time to work on this lately?  I think I could spare some
> time for PHP packaging work during next week.

yes i have, though it's been a really really really busy week and so i
never got around to sending a status update.  so, here's the update :)

- fixes backported to sarge/4.3.10 and etch/4.4.4, with many thanks
  to pitti and joe orton at redhat for doing most of the cvs digging
- fixes backported to etch/5.2, but i'm having trouble with having the
  patches cleanly apply.  the wierd thing is they apply if i manually
  apply them, but one of them breaks if i put them in debian/patches.
  the really wierd thing is nothing else in debian/patches touches the
  file in question.  then again, this was last night and i hadn't slept
  the night before, so a second set of eyes looking at it would be
  generally a good thing.

note that i've been working on the assumption that we won't be putting
in the latest upstream version in for etch, though obviously that would
be another fix (modulo the regressions from the new version)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20070301/4bcff584/attachment.pgp

More information about the pkg-php-maint mailing list