Dear release managers, I'm GeSHi author Benny Baumann.
Recently there have been reports about two bugs in the currently packaged version of php-geshi for testing (1.0.7.22-1) that have both been fixed in the latest version (as included in unstable, v1.0.8.1-1). While the first bug allowed for code execution under rare conditions and could be fixed quite easily, the second one allows for Denial of Service attacks (from remote) while fixing that one would require much more efforts as there have been lots of changes between that release and the bugfix thus making locating a way to backport that particular issue complecated. Thus I'm asking you if you could unlock the freeze for php-geshi to allow upgrade to 1.0.8.1-1 especially since that release also fixed a lot of old highlighting issues. Best regards, BenBE. Changes can be found at http://geshi.svn.sourceforge.net/viewvc/geshi/tags/RELEASE_1_0_8_1/geshi-1.0.X/src/docs/CHANGES?revision=1926&view=markup or https://geshi.svn.sourceforge.net/svnroot/geshi/tags/RELEASE_1_0_8_1/geshi-1.0.X/src/docs/CHANGES -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
