Your message dated Wed, 1 Feb 2012 11:06:28 +0100
with message-id
<caljhhg__jx10t1mmcbejhqvbud7q1hxk2bcxti-rmcg24ty...@mail.gmail.com>
and subject line Fixed
has caused the Debian Bug report #656308,
regarding CVE-2012-0057: XSLT file writing vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
656308: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656308
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: src:php5
Version: 5.2.6.dfsg.1-1+lenny13
Severity: grave
Tags: security patch upstream
Justification: user security hole
Hi,
recently released php 5.3.9 includes a fix for CVE-2012-0057, which I
think affects {old,}stable. Would it be possible to prepare an update
for Lenny and Squeeze? Note that the fix disables file writing from XSLT
which is a behavior change which might be unexpected in stable.
Upstream patch is at
http://svn.php.net/viewvc/?view=revision&revision=317759
Regards,
--
Yves-Alexis
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
found 656308 5.3.3-7
fixed 656308 5.3.3-7+squeeze6
fixed 656308 5.3.9-1
http://www.debian.org/security/2012/dsa-2399
--
Ondřej Surý <ond...@sury.org>
--- End Message ---