still not in backport ..
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
--
Ubuntu-server-bugs mailing list
People, could you stop chatting about issues unrelated to this bug?
There are plenty people who are subscribed to this bug. Take this to
some relevant mailling list pretty please.
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug
Thank you for the fixes. Everyone seems to complain, but no one seems
to want to thank you.
Thank you, too, for being great netizens and working balls-out to fix
the huge DNS holes.
The bind updates were seriously needed and (I can only presume) required
a LOT of time. I realize that the
This bug was fixed in the package php5 - 5.2.4-2ubuntu5.3
---
php5 (5.2.4-2ubuntu5.3) hardy-security; urgency=low
[ Tormod Volden ]
* Backport security fixes from 5.2.6: (LP: #227464)
- debian/patches/SECURITY_CVE-2008-2050.patch
+ Fixed possible stack buffer overflow
http://www.ubuntu.com/usn/usn-628-1
** Changed in: php5 (Ubuntu Dapper)
Status: Fix Committed = Fix Released
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Server Team, which is
Agreed spinkham, debian got the release out fast, what's going on here?
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
--
On Thu, Jul 10, 2008 at 10:14 AM, Andrew Cholakian
[EMAIL PROTECTED] wrote:
Agreed spinkham, debian got the release out fast, what's going on here?
The Stable Release Update process for an Long Term Support release
such as Hardy involves a bit a work and justification on our end in
order to roll
I'm sorry for whining to the people who are subscribed to and care about this
bug, but over 2 months since the release of a package with 3 claimed remotely
exploitable code injection bugs makes me VERY hesitant to ever recommend Ubuntu
for server use ever again.
By this time even the slow
Impact:
Fixed possible stack buffer overflow in FastCGI SAPI
Impact:Potential DOS and remote code execution if using FastCGI
Updated PCRE to deal with issues fixed in USN-581-1
Impact:potential DOS and code execution
Fixes CVE-2008-0599
Impact:Potential DOS and remote code
I agree with spinkham. It is a shame that a security issue in a main
package (and php5 is pretty prominent when it comes to servers) has a
tested debdiff sitting untouched for 5 weeks. Can't blame Kees and his
two other colleagues - they have certainly been busy - but yes, there
are only 3 (three)
10 matches
Mail list logo