Hi Salvatore,

I have prepared versions for unstable (already uploaded) and for wheezy (compiling right now) with patch from upstream. I'll submit it to [email protected] after it finishes the compilation.

Whoever is doing squeeze LTS feel free to cherry-pick from git and commit back to our git.

O.

On Thu, Jun 12, 2014, at 8:19, Salvatore Bonaccorso wrote:
> Source: php5
> Severity: grave
> Tags: security upstream
>
> Hi
>
> A heap-based buffer overflow was committed in [1], Red Hat Bugzilla
> reference at [2].
>
> [1] https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1108447
>
> A CVE assignment is pending. Could you also mark affected versions for
> the BTS? From a quick(!) look it seems that all versions have the
> vulnerable code present.
>
> Regards,
> Salvatore

--
Ondřej Surý <[email protected]>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

