On Wed, Nov 17, 2010 at 10:05:35AM +0100, Ondřej Surý wrote:
> Hi Moritz, Adam,
>
> thanks for heads up. I have cherry-picked fixes and they are in php
> git. Do you need any help with backporting those to lenny?
Raphael usually takes care of php5 for Lenny. IIRC there're a
lenny-branch in php-pkg svn, so you could already commit them.
> Meanwhile I thought it might be a good idea to went through svn log
> and I have found some more issues we might think about fixing
> (basically I went through the log and have checked all crashes,
> segfaults and leaks). The fixes below are small, self-contained and I
> have hand checked them all for sanity. There's even one CVE in
> openbasedir which we have not catched before.
open_basedir violations are not treated as security issues, see
README.Debian.security.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20101117200653.gb20...@inutil.org
