Adam, I have uploaded 5.3.3-4 with urgency=low. Please unblock when you are comfortable.
Thank you, Ondrej On Wed, Nov 17, 2010 at 22:36, Ondřej Surý <ond...@debian.org> wrote: > On Wed, Nov 17, 2010 at 21:32, Adam D. Barratt <a...@adam-barratt.org.uk> > wrote: >> On Wed, 2010-11-17 at 10:05 +0100, Ondřej Surý wrote: >>> thanks for heads up. I have cherry-picked fixes and they are in php >>> git. Do you need any help with backporting those to lenny? Anyway I am >>> going to wait for 5.3.3-3 to squeeze into the squeeze :) and after >>> that I am going to upload 5.3.3-4. >>> >>> Meanwhile I thought it might be a good idea to went through svn log >> [...] >>> The fixes below are small, self-contained and I >>> have hand checked them all for sanity. There's even one CVE in >>> openbasedir which we have not catched before. >> >> I don't mind fixing the issues you mentioned if you think they're >> important enough at this stage. However, I'd prefer that an upload >> including such fixes did not have high urgency, so it may depend how >> urgent getting the security fixes in to Squeeze is. > > That's fair since we are waiting for 5.3.3-3 to be in squeeze anyway > and I think that those three CVEs are not that urgent. Moritz could > you correct me if I am wrong? So I am going to upload 5.3.3-4 (it's > already built) with those changes I mentioned when 5.3.3-3 has > migrated to testing. > > Ondrej > -- > Ondřej Surý <ond...@sury.org> > http://blog.rfc1925.org/ > -- Ondřej Surý <ond...@sury.org> http://blog.rfc1925.org/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
