Holger Levsen <hol...@layer-acht.org> writes:
> ERROR: .data or .wml file missing for DLA 145-2
Hmm. Looks like that really should exist, and point to next version
5.3.3-7+squeeze25
(DLA-145-1 points to 5.3.3-7+squeeze24)
Here is the relevant information I can find:
commit f225a141ff91e4790ef74f00893cf29c2521eff6
Author: Thorsten Alteholz <alteh...@debian.org>
Date: Mon Feb 2 16:30:14 2015 +0000
DLA-145-1 php5 regression update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@31913
e39458fd-73e7-0310-bf30-c45bca0a0e42
diff --git a/data/DLA/list b/data/DLA/list
index efe2117968..abf5a895cd 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,5 @@
+[02 Feb 2015] DLA-145-2 php5 - regression update
+ [squeeze] - php5 5.3.3-7+squeeze25
[31 Jan 2015] DLA-145-1 php5 - security update
{CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117}
[squeeze] - php5 5.3.3-7+squeeze24
php5 (5.3.3-7+squeeze25) squeeze-lts; urgency=high
* Non-maintainer upload by the Squeeze LTS Team.
* as the patch for PHP bug 68739 seems to break cURL cookie handling
it is removed again in this version, CVE-2015-TEMP-1.patch is affected
(bug report can be found in:
https://lists.debian.org/debian-lts/2015/02/msg00007.html)
-- Thorsten Alteholz <deb...@alteholz.de> Mon, 02 Feb 2015 14:17:00 +0100
* https://bugs.php.net/bug.php?id=68739: upstream bug.
* https://lists.debian.org/debian-lts/2015/02/msg00007.html contains
technical information on the regression.
So it looks like the fix was reverted, which means in turn means that
CVE-2015-TEMP-1 was not fixed despite DLA 145-1 declaring otherwise,
however no point worrying about that now.... :-)
Where to from here? Should I invent an appropriate DLA-145-2 based on
the information above?
--
Brian May <b...@debian.org>
