[php-maint] Bug#658692: Bug#658692: Bug#658692: [php5-common]
ondrej at debian.org
Sun Feb 5 13:26:40 UTC 2012
reassign 658692 apt-listchanges
severity 658692 normal
Definitely not a bug in the php5. Reassigning to apt-listchanges (it tried to
output the contents of debian/NEWS file).
What was your environment when you tried to upgrade? Some unusual
configuration of the terminal/pager/etc.?
On Sun, Feb 5, 2012 at 11:31, Lior Kaplan <kaplan at debian.org> wrote:
> The looks likes an output of apt-listchanges. Could you try and remove this
> package and update again the php package ?
> You've opened the bug at severity:serious, but it doesn't sounds like your
> php installation got broken by this message. Unless it's broken or not
> functional, we'll change this bug to severity:normal.
> On Sun, Feb 5, 2012 at 11:10 AM, Jürg Hofmann <juerg.hofmann at postbox.ch>
>> Package: php5-common
>> Version: 5.3.3-7+squeeze3
>> Severity: serious
>> Tags: security
>> X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
>> --- Please enter the report below this line. ---
>> When i try to update php5-common and related packages, from Version:
>> 5.3.3-7+squeeze3 to 5.3.3-7+squeeze7, i get the following info: WARNING:
>> terminal is not fully functional/tmp/tmpcnqGaJ (press RETURN).
>> After pressing return, the following is displayed:
>> php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high * The following
>> new directives were added as part of security fixes: - max_input_vars -
>> specifies how many GET/POST/COOKIE input variables may be accepted.
>> Default value is set to 1000. - xsl.security_prefs - define forbidden
>> operations within XSLT stylesheets. Write operations are now disabled
>> by default.
>> -- Ond?ej Sur? <ondrej at debian.org> Mon, 23 Jan 2012 12:22:26 +0100
>> php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low * Updated blowfish
>> crypt() algorithm fixes the 8-bit character handling vulnerability
>> (CVE-2011-2483) and adds more self-tests. Unfortunately this change is
>> incompatible with some old (wrong) generated hashes for passwords
>> containing 8-bit characters. Therefore the new salt prefix '$2x$' was
>> introduced which can be used as a replacement for '$2a$' salt prefix in
>> the password database in case the incompatibility is found.
>> -- Ond?ej Sur? <ondrej at debian.org> Mon, 04 Jul 2011 10:31:16
>> +0200/tmp/tmp2PNfKm (END)
>> The terminal hangs and nothing is udated.
>> Same with apt and synaptic.
>> --- System information. ---
>> Architecture: amd64
>> Kernel: Linux 2.6.32-5-amd64
>> Debian Release: 6.0.4
>> 500 stable-updates mirror.switch.ch
>> 500 stable security.debian.org
>> 500 stable mirror.switch.ch
>> --- Package information. ---
>> Depends (Version) | Installed
>> sed (>= 4.1.1-1) | 4.2.1-7
>> libc6 (>= 2.4) | 2.11.3-2
>> Recommends (Version) | Installed
>> php5-suhosin | 0.9.32.1-1
>> Package's Suggests field is empty.
>> pkg-php-maint mailing list
>> pkg-php-maint at lists.alioth.debian.org
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
Ondřej Surý <ondrej at sury.org>
More information about the pkg-php-maint