On 18. juli 2014, at 16:28, Marko Randjelovic <mark...@sbb.rs> wrote:
> Hi, Hi! > > Some patches from 5.4.4-14+deb7u12 could be unmodified or with > modifications applied to 5.3.3-7+squeeze20. Some of them may be > relevant for security. Since I am not a DD, patches I found could be > useful are attached with eventual my modifications. I don't know if > they solve the problems nor if they do not make new bugs. > > patch affected > solved > --------------------------------------------------------------- -------- > ------ > proc_open-separate-environment-values-that-arent-strings.patch ? ? > Out-of-memory-on-command-stream_get_contents.patch y y > stream_socket_server-creates-wrong-Abstract-Namespace-UNIX-sock y y > exit-in-stream-filter-produces-segfault.patch y y > fpassthru-broken.patch partial ? > openssl_seal-memory-leak.patch y ? > Segfault-in-mysqli_stmt-bind_result-when-link-closed.patch ? ? > Segmentation-fault-after-memory_limit.patch ? ? > bug67498.patch y ? > CVE-2014-3480.patch ? ? It's a bit hard for me to read this, but I assume you're referring to DSA 2974-1. Several (if not all) of the issues in DSA 2974-1 are relevant to PHP 5.3.3. Judging from the patch labels, I would say that these should be applied. -- Cheers, Jan -- To UNSUBSCRIBE, email to debian-lts-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/0d724253-ec33-44d6-b1d0-3399d763a...@oyet.no
