[php-maint] Bug#601619: Bug#601619: CVE-2010-3710: DoS in filter_var()

Adam D. Barratt adam at adam-barratt.org.uk
Sun Nov 7 19:20:46 UTC 2010


On Thu, 2010-10-28 at 18:24 +0200, Moritz Muehlenhoff wrote:
> On Wed, Oct 27, 2010 at 11:45:21PM +0200, Ondřej Surý wrote:
> > Hi Moritz and Adam,
> > 
> > I have prepared 5.3.3-3 in the git, but I would like to seek
> > debian-release(Adam) advice how to proceed. Adam has unblocked 5.3.3-2
> > (with prolonged delay to 15 days)... btw thanks for that ...  so
> > should I upload 5.3.3-3 with this fix or wait for 5.3.3-2 to go to
> > testing and then upload 5.3.3-3 with urgency=high and request an
> > unblock again?
> 
> This issue doesn't seem urgent. I would recommend to let 5.3.3-2
> with the current age-days and followup with the CVE-2010-3710
> after that.
> 
> Maybe this would also allow the PHP maintainers to include a final
> fix for 546164?

5.3.3-2 has now migrated to testing.  The upstream fix for CVE-2010-3710
looks small and sane enough to be included in a -3 upload.  From reading
the log for 546164 I'm not sure what the fix would look like, but would
be prepared to look at fixing it in squeeze.

Regards,

Adam





