Hi Adam. so I had problems with orig tarball, so my upload was rejected. Hence the 5.3.3-2 release contains all changes. So please unblock 5.3.3-2 after a reasonable period of time.
Thanks you, Ondrej On Thu, Oct 21, 2010 at 16:59, Ondřej Surý <[email protected]> wrote: > Hi Adam, > >> After further discussion, and looking at the security issues which >> upstream acknowledge being fixed in 5.3.3, please go ahead with the >> upload to unstable. I'm undecided yet whether to age the upload (and if >> so by how much) but an earlier upload has more chance of being unblocked >> earlier. :-) > > I am uploading 5.3.3-2 right now. I have fixed a couple of regressions > and cherry-picked one more CVE. > > Here's the full changelog (unfortunatelly I have forgotten to sync > changelog with git, so 5.3.3-2 doesn't have a full log), so I am going > to build 5.3.3-3 with full list of changes. > > I have disabled FPM SAPI, so it doesn't introduce any "new" code. FPM > SAPI will be enabled in next stable. > > php5 (5.3.3-3) unstable; urgency=low > > * Set explicit error level to hide warnings on systems with modified > php.ini (Closes: #590485) > * Apply patch to fix loading of extensions without [PHP] section > (Closes: #595761) > * Set session.gc_probability back to 0 (Closes: #595706) > * Update PHP5 description to not include references to C, Java and > Perl (Closes: #351032) > > -- Ondřej Surý <[email protected]> Thu, 21 Oct 2010 16:57:53 +0200 > > php5 (5.3.3-2) unstable; urgency=low > > * Upload 5.3.3 to unstable > + Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866, > CVE-2010-2531, CVE-2010-3065. > * Don't build FPM SAPI now > * Bump standards version to 3.9.1 > * Synchronize system crypt patch > * Cherry pick upstream fix for format vulnerability in phar/stream.c > + Fixes CVE-2010-2950. > > -- Ondřej Surý <[email protected]> Thu, 21 Oct 2010 16:57:53 +0200 > > > Ondrej > -- > Ondřej Surý <[email protected]> > http://blog.rfc1925.org/ > -- Ondřej Surý <[email protected]> http://blog.rfc1925.org/ -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/AANLkTi=AUo9GfUx>[email protected]
