On Wed, Nov 17, 2010 at 10:36:21PM +0100, Ondřej Surý wrote:
> On Wed, Nov 17, 2010 at 21:32, Adam D. Barratt <a...@adam-barratt.org.uk>
> wrote:
> > On Wed, 2010-11-17 at 10:05 +0100, Ondřej Surý wrote:
> >> thanks for heads up. I have cherry-picked fixes and they are in php
> >> git. Do you need any help with backporting those to lenny? Anyway I am
> >> going to wait for 5.3.3-3 to squeeze into the squeeze :) and after
> >> that I am going to upload 5.3.3-4.
> >>
> >> Meanwhile I thought it might be a good idea to went through svn log
> > [...]
> >> The fixes below are small, self-contained and I
> >> have hand checked them all for sanity. There's even one CVE in
> >> openbasedir which we have not catched before.
> >
> > I don't mind fixing the issues you mentioned if you think they're
> > important enough at this stage. However, I'd prefer that an upload
> > including such fixes did not have high urgency, so it may depend how
> > urgent getting the security fixes in to Squeeze is.
>
> That's fair since we are waiting for 5.3.3-3 to be in squeeze anyway
> and I think that those three CVEs are not that urgent. Moritz could
> you correct me if I am wrong? So I am going to upload 5.3.3-4 (it's
> already built) with those changes I mentioned when 5.3.3-3 has
> migrated to testing.
Ack.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
