registry team mailing list archive

Thread
Date

[Bug 682501] Re: php5 5.3.3-1 causing segfaults -> 5.3.3-4 backport for maverick?

To: registry@xxxxxxxxxxxxxxxxxxx
From: Ondřej Surý <ondrej@xxxxxxxx>
Date: Fri, 03 Dec 2010 16:41:15 -0000
Reply-to: Bug 682501 <682501@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

@Micah: the diffstat between 5.3.3-1 and 5.3.3-4 is not that big:

$ git diff 3c7bc2c87fd842df1df75783e014029adae00433 | diffstat 
 b/debian/patches/CVE-2010-2950.patch                                           |   11 
 b/debian/patches/CVE-2010-3436.patch                                           |   18 
 b/debian/patches/CVE-2010-3709.patch                                           |   12 
 b/debian/patches/CVE-2010-3710.patch                                           |   35 +
 b/debian/patches/CVE-2010-3870.patch                                           |  160 +++++
 b/debian/patches/CVE-2010-4156.patch                                           |   13 
 b/debian/patches/bug50481.patch                                                |   27 
 b/debian/patches/bug52487.patch                                                |   11 
 b/debian/patches/bug52573.patch                                                |   15 
 b/debian/patches/bug52827.patch                                                |   45 +
 b/debian/patches/bug52843.patch                                                |   11 
 b/debian/patches/bug52947.patch                                                |   10 
 b/debian/patches/bug53070.patch                                                |   20 
 b/debian/patches/bug53323.patch                                                |   22 
 b/debian/patches/fix-open_basedir-with-separator-r305698.patch                 |   21 
 b/debian/patches/fix_crash_in_GC.patch                                         |   55 +
 b/debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch |   17 
 b/debian/patches/php-5.3.4-ini.patch                                           |   30 +
 b/debian/patches/php_crypt_revamped.patch                                      |   56 +
 b/debian/patches/reject-filenames-with-null-r305507.patch                      |   13 
 b/debian/patches/use_system_crypt_fixes.patch                                  |   19 

Basically you should cherry-pick new patches in debian/patches/ and make
SRU. And you probably already have fixes at least for CVEs, don't you?

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-2950

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3436

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3709

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3710

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-3870

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2010-4156

-- 
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for php.
https://bugs.launchpad.net/bugs/682501

Title:
  php5 5.3.3-1 causing segfaults -> 5.3.3-4 backport for maverick?