[php-maint] Bug#657698: php5: re-enable suhosin patch or add separate packages with suhosin patch enabled per default

Christoph Anton Mitterer calestyo at scientia.net
Fri Mar 2 12:57:56 UTC 2012

Hi again.

1) We recently saw several CVEs on php5...

I think it would be nice for the records in this ticket, to see which 
of them would have been avoided by the use of suhosin-core-patch, 
suhosin-module or both.
Is there an overview? Stefan, any ideas?

And rather unrelated to that particular Debian bug:
2) I know we talked about that before and there have been probably 
plenty of discussions elsewhere where I was not involved, but...
... now that PHP 5.4 is out ...

Is there any chance or at least space to talk between suhosin and php 
upstream, about an inclusion of the former in the later (i.e. on a basis 
that one can enable/disable it via an ini setting or so)?
I know there are arguments pro and contra such a inclusion,... but IMHO 
the biggest one is security for the end-user, and that would clearly be 
improved by including it upstream (and perhaps even enabling it per 


More information about the pkg-php-maint mailing list