Hi Chris,

On Fri 19 Jan 2018 03:52:29 CET, Chris Lamb wrote:

> Hi Mike,
>
>> Maybe you want to review the j-security patch and see if it applies to
>> the wheezy version?
>
> It applies to the wheezy version; would you like me to go ahead and
> upload? :)  That might be the expedient route to getting this into
> Debian LTS :)

If you can confirm that the patch in fact fixes the CVE we are trying to resolve, then yes, please go ahead with a Debian LTS upload.

The underlying topic of the patch is: add a file name into a PHP comment and if this file name contains "*/<some-php-code>" then this PHP code gets executed.

Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
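
The comment breakout described in the message above, shown with a hypothetical header generator beside a hardened form. This is an added example, not the j-security patch or code from the affected package; the function names and sample file names are constructed.

```php
<?php
// Added example: hypothetical generator for a PHP file whose header comment
// names the file it was built from. Not the code or patch from this thread.

function header_unsafe(string $name): string
{
    // The name is copied into the block comment unchanged.
    return "<?php\n/* Generated from: " . $name . " */\n";
}

function header_safe(string $name): string
{
    // Remove control characters first so "*\n/" cannot rejoin into "*/",
    // then split every comment terminator.
    $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $name);
    $clean = str_replace('*/', '* /', $clean);
    return "<?php\n/* Generated from: " . $clean . " */\n";
}

function only_comment(string $php): bool
{
    // True when the tokenizer sees nothing but the open tag, comments
    // and whitespace, i.e. the name stayed inside the comment.
    $allowed = [T_OPEN_TAG, T_COMMENT, T_DOC_COMMENT, T_WHITESPACE];
    foreach (token_get_all($php) as $token) {
        if (!is_array($token) || !in_array($token[0], $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names; the second follows the pattern described above.
$names = ['report.csv', "x */ echo 'constructed marker'; /*"];
foreach ($names as $name) {
    printf("%-40s unsafe=%s safe=%s\n",
        json_encode($name),
        only_comment(header_unsafe($name)) ? 'contained' : 'ESCAPED',
        only_comment(header_safe($name)) ? 'contained' : 'ESCAPED');
}
```

The tokenizer check can also be run over already generated files to find headers in which a name has left its comment.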
