Holger Levsen <hol...@layer-acht.org> writes:

> ERROR: .data or .wml file missing for DLA 145-2

Hmm. Looks like that really should exist, and point to next version

(DLA-145-1 points to 5.3.3-7+squeeze24)

Here is the relevant information I can find:

commit f225a141ff91e4790ef74f00893cf29c2521eff6
Author: Thorsten Alteholz <alteh...@debian.org>
Date:   Mon Feb 2 16:30:14 2015 +0000

    DLA-145-1 php5 regression update
    git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@31913 

diff --git a/data/DLA/list b/data/DLA/list
index efe2117968..abf5a895cd 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,5 @@
+[02 Feb 2015] DLA-145-2 php5 - regression update
+       [squeeze] - php5 5.3.3-7+squeeze25
 [31 Jan 2015] DLA-145-1 php5 - security update
        {CVE-2014-0237 CVE-2014-0238 CVE-2014-2270 CVE-2014-8117}
        [squeeze] - php5 5.3.3-7+squeeze24

php5 (5.3.3-7+squeeze25) squeeze-lts; urgency=high

  * Non-maintainer upload by the Squeeze LTS Team.
  * as the patch for PHP bug 68739 seems to break cURL cookie handling
    it is removed again in this version, CVE-2015-TEMP-1.patch is affected
    (bug report can be found in: 

 -- Thorsten Alteholz <deb...@alteholz.de>  Mon, 02 Feb 2015 14:17:00 +0100

* https://bugs.php.net/bug.php?id=68739: upstream bug.

* https://lists.debian.org/debian-lts/2015/02/msg00007.html contains
technical information on the regression.

So it looks like the fix was reverted, which means in turn means that
CVE-2015-TEMP-1 was not fixed despite DLA 145-1 declaring otherwise,
however no point worrying about that now.... :-)

Where to from here? Should I invent an appropriate DLA-145-2 based on
the information above?
Brian May <b...@debian.org>

Reply via email to