[php-maint] Bug#603751: Bug#603751: Three more security issues
Moritz Muehlenhoff
jmm at inutil.org
Wed Nov 17 20:06:53 UTC 2010
On Wed, Nov 17, 2010 at 10:05:35AM +0100, Ondřej Surý wrote:
> Hi Moritz, Adam,
>
> thanks for heads up. I have cherry-picked fixes and they are in php
> git. Do you need any help with backporting those to lenny?
Raphael usually takes care of php5 for Lenny. IIRC there're a
lenny-branch in php-pkg svn, so you could already commit them.
> Meanwhile I thought it might be a good idea to went through svn log
> and I have found some more issues we might think about fixing
> (basically I went through the log and have checked all crashes,
> segfaults and leaks). The fixes below are small, self-contained and I
> have hand checked them all for sanity. There's even one CVE in
> openbasedir which we have not catched before.
open_basedir violations are not treated as security issues, see
README.Debian.security.
Cheers,
Moritz
More information about the pkg-php-maint
mailing list