[php-maint] Bug#658692: [php5-common]
juerg.hofmann at postbox.ch
Sun Feb 5 10:10:26 UTC 2012
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
--- Please enter the report below this line. ---
When i try to update php5-common and related packages, from Version:
5.3.3-7+squeeze3 to 5.3.3-7+squeeze7, i get the following info: WARNING:
terminal is not fully functional/tmp/tmpcnqGaJ (press RETURN).
After pressing return, the following is displayed:
php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high * The following
new directives were added as part of security fixes: - max_input_vars
- specifies how many GET/POST/COOKIE input variables may be
accepted. Default value is set to 1000. - xsl.security_prefs -
define forbidden operations within XSLT stylesheets. Write
operations are now disabled by default.
-- Ond?ej Sur? <ondrej at debian.org> Mon, 23 Jan 2012 12:22:26 +0100
php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low * Updated
blowfish crypt() algorithm fixes the 8-bit character handling
vulnerability (CVE-2011-2483) and adds more self-tests.
Unfortunately this change is incompatible with some old (wrong)
generated hashes for passwords containing 8-bit characters.
Therefore the new salt prefix '$2x$' was introduced which can be used
as a replacement for '$2a$' salt prefix in the password database in
case the incompatibility is found.
-- Ond?ej Sur? <ondrej at debian.org> Mon, 04 Jul 2011 10:31:16
The terminal hangs and nothing is udated.
Same with apt and synaptic.
--- System information. ---
Kernel: Linux 2.6.32-5-amd64
Debian Release: 6.0.4
500 stable-updates mirror.switch.ch
500 stable security.debian.org
500 stable mirror.switch.ch
--- Package information. ---
Depends (Version) | Installed
sed (>= 4.1.1-1) | 4.2.1-7
libc6 (>= 2.4) | 2.11.3-2
Recommends (Version) | Installed
php5-suhosin | 0.9.32.1-1
Package's Suggests field is empty.
More information about the pkg-php-maint