Package: php-geshi
Dear maintainer,
Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:
squeeze (6.0.6)
On Tue, Aug 21, 2012 at 11:41:43PM +0100, Steven Chamberlain wrote:
> Bug affects an example script in the documentation only.
>
> Untrusted paths are used by file() and opendir(). A patch committed
> upstream tries to sanitise the inputs. [1]
>
>
On Tue, 21 Aug 2012, Benny Baumann wrote:
> Given exactly the
> 2-3 years this package will be in stable/oldstable is the reason why
> there should be an update to something reasonably recent before the
> package is put into a distribution.
Sorry, it’s now too late for that. In May, something cou
unmerge 685324 685323
thanks
Hi Benny,
If I seem annoyed, it's because I was alerted about security issues in a
package deployed on one of my systems, and had to spend time looking
into it urgently. (And I still don't know what the issues really are.)
All I could find out is that you've been in
Dear Steven,
On 20.08.2012 05:12, Steven Chamberlain wrote:
> tags 685324 + moreinfo unreproducible
> tags 685323 + moreinfo unreproducible
> merge 685324 685323
> severity 685326 wishlist
> merge 685326 584251
> thanks
>
> Hi,
>
> Were these reports of security issues supposed to be genuine?
Ye
On Sun, 19 Aug 2012, Benny Baumann wrote:
> Please upgrade the php-geshi package to latest upstream.
With the freeze this is no longer possible. If this is indeed
a security issue, we can either apply a backported fix or have
the package removed from the release, at this point in time.
bye,
//mi
tags 685324 + moreinfo unreproducible
tags 685323 + moreinfo unreproducible
merge 685324 685323
severity 685326 wishlist
merge 685326 584251
thanks
Hi,
Were these reports of security issues supposed to be genuine?
Or was this simply your "idea on how to get them to update GeSHi". [1]
You refer
Package: php-geshi
Version: 1.0.8.4-1
Severity: serious
Tags: security upstream
GeSHi 1.0.8.11 closes a local file inclusion vulnerability present in one
of the contrib scripts provided in the GeSHi distribution. The bug has been
present for at least 1.0.8.4 (and maybe even longer).
Please upgrad