On 20/02/17 23:19, Antoine Beaupré wrote: > It seems a bit too much to do a DLA for a single issue in the php5 > package (CVE-2016-7478, namely): > > https://security-tracker.debian.org/tracker/source-package/php5 > > I looked at the issue and the patch is easily ported, but i suggest we > postpone this DLA until we have piled up more important > issues... > > I attached the backported patch for future reference. I'll update the > security tracker with details as well.
You should commit that to https://anonscm.debian.org/cgit/collab-maint/debian-lts/php5.git/ > PS: has someone notified the maintainer before triaging this issue? i > didn't see a mail go through... AFAIK we handle php5 ourselves. Cheers, Emilio
