On Wed, Nov 17, 2010 at 21:06, Moritz Muehlenhoff <j...@inutil.org> wrote: > On Wed, Nov 17, 2010 at 10:05:35AM +0100, Ondřej Surý wrote: >> Hi Moritz, Adam, >> >> thanks for heads up. I have cherry-picked fixes and they are in php >> git. Do you need any help with backporting those to lenny? > > Raphael usually takes care of php5 for Lenny. IIRC there're a > lenny-branch in php-pkg svn, so you could already commit them.
Since Raphael's last message was that he's going to be offline, it's probably up to me :-/. I'll see what I can do. >> Meanwhile I thought it might be a good idea to went through svn log >> and I have found some more issues we might think about fixing >> (basically I went through the log and have checked all crashes, >> segfaults and leaks). The fixes below are small, self-contained and I >> have hand checked them all for sanity. There's even one CVE in >> openbasedir which we have not catched before. > > open_basedir violations are not treated as security issues, see > README.Debian.security. I know and I wasn't suggesting to prepare security release in lenny. Sorry for not being clear. Anyway I think it's worth fixing for squeeze. O. -- Ondřej Surý <ond...@sury.org> http://blog.rfc1925.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
