[php-maint] Freeze exception: php5

Ondřej Surý ondrej at debian.org
Thu Oct 21 14:59:07 UTC 2010

Hi Adam,

> After further discussion, and looking at the security issues which
> upstream acknowledge being fixed in 5.3.3, please go ahead with the
> upload to unstable.  I'm undecided yet whether to age the upload (and if
> so by how much) but an earlier upload has more chance of being unblocked
> earlier. :-)

I am uploading 5.3.3-2 right now. I have fixed a couple of regressions
and cherry-picked one more CVE.

Here's the full changelog (unfortunatelly I have forgotten to sync
changelog with git, so 5.3.3-2 doesn't have a full log), so I am going
to build 5.3.3-3 with full list of changes.

I have disabled FPM SAPI, so it doesn't introduce any "new" code. FPM
SAPI will be enabled in next stable.

php5 (5.3.3-3) unstable; urgency=low

  * Set explicit error level to hide warnings on systems with modified
    php.ini (Closes: #590485)
  * Apply patch to fix loading of extensions without [PHP] section
    (Closes: #595761)
  * Set session.gc_probability back to 0 (Closes: #595706)
  * Update PHP5 description to not include references to C, Java and
    Perl (Closes: #351032)

 -- Ondřej Surý <ondrej at debian.org>  Thu, 21 Oct 2010 16:57:53 +0200

php5 (5.3.3-2) unstable; urgency=low

  * Upload 5.3.3 to unstable
    + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866,
      CVE-2010-2531, CVE-2010-3065.
  * Don't build FPM SAPI now
  * Bump standards version to 3.9.1
  * Synchronize system crypt patch
  * Cherry pick upstream fix for format vulnerability in phar/stream.c
    + Fixes CVE-2010-2950.

 -- Ondřej Surý <ondrej at debian.org>  Thu, 21 Oct 2010 16:57:53 +0200

Ondřej Surý <ondrej at sury.org>

More information about the pkg-php-maint mailing list