On Wed, Feb 25, 2015 at 05:17:28PM -0300, Marcelo Jorge Vieira wrote:
> Hello Security team,
>
> I fixed the CVE-2008-7313 and CVE-2014-5008 in the libphp-snoopy
> package.
>
> The current libphp-snoopy package is 1.2.4-2 and it is the same for
> squeeze, wheezy, jessie and sid.
>
> As the Snoopy upstream made many incomplete fixes and it is full of
> whitespace noise (Revision 1.27 until 1.35) [0], I'm packaging the last
> stable release (2.0.0) and I intend to upload it to all Debian
> releases.
Hi Marcelo,
Given the mess in upstream development I agree that updating to 2.0.0
(in wheezy-security and jessie) would be the sanest option.
Did you test the reverse deps in wheezy and jessie to check whether
they are compatible?
wordpress (wheezy)
libphp-magpierss (jessie/wheezy)
ampache (jessie)
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
