Your message dated Thu, 6 Jan 2011 14:18:46 +0100
with message-id <[email protected]>
and subject line Re: Bug#609007: unblock: php5/5.3.3-7
has caused the Debian Bug report #609007,
regarding unblock: php5/5.3.3-7
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
609007: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609007
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package php5
New upload fixes one CVE, one remote DoS (infinite loop which will
probably get a CVE as well) and several fixes for segfauls and memory
leaks cherry picked from upstream SVN.
The diffstat looks quite small with exception of
memory-leak-inside-highlight_string because the patched file is
autogenerated and contains lots of:
-#line 1014 "Zend/zend_language_scanner.c"
+#line 1024 "Zend/zend_language_scanner.c"
changes.
Here's the diffstat for php5_5.3.3-6 php5_5.3.3-7
debian/patches/CVE-2010-4150.patch
| 15
debian/patches/do-not-overwrite-GLOBALS-and-this.patch
| 43
debian/patches/fix-crash-if-aa-steps-are-invalid.patch
| 14
debian/patches/fix-crash-with-entity-declarations-in-simplexml.patch
| 41
debian/patches/fix-for-NULL-deref-in-zend_language_scanner.patch
| 13
debian/patches/fix-infinite-loop-with-x87-cpu.patch
| 24
debian/patches/fix-integer-overflow-in-SdnToJulian.patch
| 90
debian/patches/fix-leak-and-possible-crash-introduced-by-the-null-poisoning-patch.patch
| 61
debian/patches/fix-leaks-and-crash-bug-when-passing-the-callback-as-variable.patch
| 11
debian/patches/fix-memory-leak-inside-highlight_string.patch
| 2571 ++++++++++
debian/patches/fix-segfault-in-pgsql_stmt_execute-when-postgres-is-down.patch
| 11
debian/patches/fix-segfault-when-extending-SplFixedArray.patch
| 40
debian/patches/fix-segfault-when-node-is-NULL-in-simplexml.patch
| 11
debian/patches/fix-segfault-when-using-several-cloned-intl-objects.patch
| 130
debian/patches/fix-sqlite3-columnName-segfaults-on-bad-column_number.patch
| 57
php5-5.3.3/debian/README.source
| 6
php5-5.3.3/debian/changelog
| 25
php5-5.3.3/debian/patches/series
| 15
18 files changed, 3178 insertions(+)
unblock php5/5.3.3-7
-- System Information:
Debian Release: squeeze/sid
APT prefers maverick-updates
APT policy: (500, 'maverick-updates'), (500, 'maverick-security'), (500,
'maverick-proposed'), (500, 'maverick-backports'), (500, 'maverick')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.35-24-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
On Wed, Jan 5, 2011 at 13:15:32 +0100, Ondřej Surý wrote:
> Please unblock package php5
>
Unblocked, and set urgency so it can migrate after 2 days instead of 10.
> New upload fixes one CVE, one remote DoS (infinite loop which will
> probably get a CVE as well) and several fixes for segfauls and memory
It got CVE-2010-4645.
> leaks cherry picked from upstream SVN.
>
> The diffstat looks quite small with exception of
> memory-leak-inside-highlight_string because the patched file is
> autogenerated and contains lots of:
>
> -#line 1014 "Zend/zend_language_scanner.c"
> +#line 1024 "Zend/zend_language_scanner.c"
>
It's also a bit confusing in that
fix-for-NULL-deref-in-zend_language_scanner.patch changes the lex file
but fix-memory-leak-inside-highlight_string.patch has the corresponding
.c file change (along with the memory leak fix).
Cheers,
Julien
signature.asc
Description: Digital signature
--- End Message ---
