On Tue, Feb 12, 2019 at 07:44:41AM +0530, Abhijith PA wrote: > > That was very stupid of me. I was working on CVE-2018-1000888 in > php-pear and this ships via php5 in jessie. I didn't noticed php5 > already entered dla-needed.txt and I went directly changing php-pear to > php5. Anyway I release DLA for my upload. > No worries, we all make mistakes :-)
It took me several tries to figure out why the 5.6.40 build failed after incorporating your change, but I was able to determine that the change introduced by your patch is now included upstream. I have an updated 5.6.40 build ready and I was waiting on the assignment of CVEs by upstream. I wonder if it would make more sense to go ahead with uploading 5.6.40 and publish a revision to the DLA, or whether I should continue to wait on the CVE assignments. Thoughts? Regards, -Roberto -- Roberto C. Sánchez
