On Sun, Feb 11, 2007 at 10:01:22PM +0100, Ondřej Surý wrote:
> Oh my goddess :-(

> > PHP 5.2.1 fixes some security problems. See

> > http://www.php.net/releases/5_2_1.php
> > http://secunia.com/advisories/24089/

> Seems there are a lot of stack and buffer overflows fixed.
> Unfortunately our lovely PHP upstream maintainers bundled
> a lot of stuff into 5.2.1 as well including changes in default
> behaviour.  I would love to have 5.2.1 in etch, but I am prepared to go
> cherry picking.

> Steve, what's your opinion?  Cesspool will remain cesspool, so I don't
> see a big difference between 5.2.0 and 5.2.1 in terms of bugginess.

Well, as you mention changes to default behavior, the difference is the
impact that such changes would have on other apps that depend on the current
behavior.  So I'm afraid this needs to be handled in a way that we get the
security fixes without whatever random changes upstream has decided to make.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
