Sergey B Kirpichev wrote:
> Dear mentors,
>
> I am looking for a sponsor for the new version 1.0.5-1
> of my package "php-geoip".
>
> It builds these binary packages:
> php5-geoip - GeoIP module for php5
>
> The package appears to be lintian clean.
>
> The package can be found on mentors.debian.net:
> - URL: http://mentors.debian.net/debian/pool/main/p/php-geoip
> - Source repository: deb-src http://mentors.debian.net/debian unstable main contrib non-free
> - dget http://mentors.debian.net/debian/pool/main/p/php-geoip/php-geoip_1.0.5-1.dsc
>
> I would be glad if someone uploaded this package for me.

I had a look at your package and this gives me a headache:

php-geoip (1.0.5-1) unstable; urgency=low

  * New upstream release. Fix security issue:
    + formatting bug in phpinfo()

From the upstream changelog:

* Small bug in phpinfo() when printing version number could crash PHP.

So a local/remote attacker could crash PHP (also the webserver?) by just using phpinfo()?

I CCed the security team and this fix should also go into Lenny and your urgency should be bumped to something higher than low.

--
/*
With kind regards,
 Patrick Matthäi

 E-Mail: patrick.matth...@web.de

Comment:
Always if we think we are right,
we were maybe wrong.
*/