[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-11-06 Thread John Dong
The security fixes in the mentioned PHP releases have been in the -security repositories for all supported distributions, over 3 months ago. A backport task is not necessary or appropriate for this case and the task has been marked invalid. -- Please roll out security fixes from PHP 5.2.6 https:/

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-11-06 Thread Tom Liu
still not in backport .. -- Please roll out security fixes from PHP 5.2.6 https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bug

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-08-06 Thread Ondřej Surý
People, could you stop chatting about issues unrelated to this bug? There are plenty of people who are subscribed to this bug. Take this to some relevant mailing list pretty please.

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-08-05 Thread spinkham
We're way off topic now (sorry) but in fact Ubuntu does seem to realize there is a problem and is addressing it. My biggest complaint is that there was no news, and no clear way for me to help. They are now advertising for more security engineers, and I am applying. http://webapps.ubuntu.com/emplo

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-08-05 Thread Thom Craver
Thank you for the fixes. Everyone seems to complain, but no one seems to want to thank you. Thank you, too, for being great netizens and working balls-out to fix the huge DNS holes. The bind updates were seriously needed and (I can only presume) required a LOT of time. I realize that the catastr

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-23 Thread Jamie Strandboge
http://www.ubuntu.com/usn/usn-628-1 ** Changed in: php5 (Ubuntu Dapper) Status: Fix Committed => Fix Released

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-23 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.2.4-2ubuntu5.3 --- php5 (5.2.4-2ubuntu5.3) hardy-security; urgency=low [ Tormod Volden ] * Backport security fixes from 5.2.6: (LP: #227464) - debian/patches/SECURITY_CVE-2008-2050.patch + Fixed possible stack buffer overflow in

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-23 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.2.3-1ubuntu6.4 --- php5 (5.2.3-1ubuntu6.4) gutsy-security; urgency=low * debian/patches/SECURITY_CVE-2008-2050.patch: possible stack overflow and sending of unitialized paddings * debian/patches/SECURITY_CVE-2008-2051.patch: properly

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-23 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.2.1-0ubuntu1.6 --- php5 (5.2.1-0ubuntu1.6) feisty-security; urgency=low * debian/patches/209-CVE-2008-2050.patch: possible stack overflow and sending of unitialized paddings * debian/patches/210-CVE-2008-2051.patch: properly address i

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-22 Thread Jamie Strandboge
** Changed in: php5 (Ubuntu Dapper) Status: In Progress => Fix Committed ** Changed in: php5 (Ubuntu Feisty) Status: In Progress => Fix Committed ** Changed in: php5 (Ubuntu Gutsy) Status: In Progress => Fix Committed ** Changed in: php5 (Ubuntu Hardy) Status: In Prog

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-11 Thread Jamie Strandboge
** Changed in: php5 (Ubuntu Dapper) Assignee: (unassigned) => Jamie Strandboge (jdstrand) Status: New => In Progress ** Changed in: php5 (Ubuntu Feisty) Assignee: (unassigned) => Jamie Strandboge (jdstrand) Status: New => In Progress ** Changed in: php5 (Ubuntu Gutsy)

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-11 Thread Jamie Strandboge
While the debdiff is much appreciated, there are several issues involved beyond pushing out this debdiff: 1) updates need to be backported and tested for all for released versions (not just hardy) 2) the patches in the debdiff are not in line with Debian or other distributions, so they need to b

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread Tormod Volden
I agree with spinkham. It is a shame that a security issue in a main package (and php5 is pretty prominent when it comes to servers) has a tested debdiff sitting untouched for 5 weeks. Can't blame Kees and his two other colleagues - they have certainly been busy - but yes, there are only 3 (three)

Re: [Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread Kees Cook
Sorry for the delays in getting this update published. The Ubuntu Security Team has been very busy lately. As an explanation, most of the vulnerabilities are hard to exploit, so this has been lower on the list of things to do. All that said, now that Bind and the latest cycles of kernel updates

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread spinkham
This has been addressed in Intrepid by updating to PHP 5 here: https://launchpad.net/ubuntu/intrepid/+source/php5/5.2.6-1ubuntu1 Minimal patch above in this post https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/15 Re: test cases: I've not yet seen widely published exploit code,

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread spinkham
This has been addressed in Intrepid by updating to PHP 5 here: https://launchpad.net/ubuntu/intrepid/+source/php5/5.2.6-1ubuntu1 Minimal patch above in this post https://bugs.launchpad.net/ubuntu/+source/php5/+bug/227464/comments/15 Re: test cases: I've not yet seen widely published exploit code

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread spinkham
Impact: Fixed possible stack buffer overflow in FastCGI SAPI Impact: Potential DOS and remote code execution if using FastCGI Updated PCRE to deal with issues fixed in USN-581-1 Impact: potential DOS and code execution Fixes CVE-2008-0599 Impact: Potential DOS and remote code execu

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread spinkham
Sorry, my listing of cURL exploit is not quite accurate, here's an updated version with that and some other fixes (let that be a lesson for you, not to post hastily and in anger ;-) Impact: Fixed possible stack buffer overflow in FastCGI SAPI Impact: Potential DOS and remote code executio

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread spinkham
I'm sorry for whining to the people who are subscribed to and care about this bug, but over 2 months since the release of a package with 3 claimed remotely exploitable code injection bugs makes me VERY hesitant to ever recommend Ubuntu for server use ever again. By this time even the slow moving

Re: [Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread Andrew Cholakian
Well this sounds like it meets the first criteria: "Bugs which may, under realistic circumstances, directly cause a *security vulnerability*. These are done by the security team and are documented at SecurityUpdateProcedures." So what stage is

Re: [Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread Dustin Kirkland
On Thu, Jul 10, 2008 at 10:14 AM, Andrew Cholakian <[EMAIL PROTECTED]> wrote: > Agreed spinkham, debian got the release out fast, what's going on here? The Stable Release Update process for a Long Term Support release such as Hardy involves a bit of work and justification on our end in order to ro

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread Andrew Cholakian
Agreed spinkham, debian got the release out fast, what's going on here?

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-10 Thread spinkham
Another month has passed, no release for Hardy. I'm not savvy enough with the Ubuntu release procedures to even know who to contact about this. Could someone tell me what it would take to get these bugs fixed in the current stable, advertised for server use Ubuntu? There are 3 remote code execut

[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6

2008-07-02 Thread Neal McBurnett
** Summary changed: - Please backport security fixes from PHP 5.2.6 + Please roll out security fixes from PHP 5.2.6