FS#5174 - Security-Fix for php
Attached to Project:
Arch Linux
Opened by Pierre Schmitz (Pierre) - Sunday, 06 August 2006, 13:03 GMT
Last edited by Jan de Groot (JGC) - Wednesday, 30 August 2006, 20:43 GMT
Opened by Pierre Schmitz (Pierre) - Sunday, 06 August 2006, 13:03 GMT
Last edited by Jan de Groot (JGC) - Wednesday, 30 August 2006, 20:43 GMT
|
Details
http://www.hardened-php.net/
are providing some security-patches for current
php-versions. (I do not mean the hardening-patch) For example the patch http://www.hardened-php.net/php-5.1.4-security-fix-5.patch.gz fixes some problems which are not yet fixed by a new release from php.net. More information at http://www.hardened-php.net/more_php_442_and_514_security_fixes.121.html I think we should add the security-patches to our php-package and do not wait until a new release comes out. I attached a patch for the PKGBUILD which adds the current security-fix. This PHP-Version is working on archlinux.de without any problems. |
This task depends upon
Closed by Jan de Groot (JGC)
Sunday, 15 October 2006, 22:14 GMT
Reason for closing: Fixed
Additional comments about closing: These should be fixed in php 5.1.6 by now. PHP 5.1.6-4 contains a security fix for another bug.
Sunday, 15 October 2006, 22:14 GMT
Reason for closing: Fixed
Additional comments about closing: These should be fixed in php 5.1.6 by now. PHP 5.1.6-4 contains a security fix for another bug.
Comment by
Roman Kyrylych (Romashka) - Friday,
18 August 2006, 07:04 GMT
Comment by Pierre Schmitz (Pierre) -
Friday, 18 August 2006, 07:24 GMT
Comment by
Roman Kyrylych (Romashka) - Thursday,
31 August 2006, 08:42 GMT
PHP 5.1.5 released. Does it contains fixes for all security
problems, or this patch is still required?
I hope so. The changelog seems to be very similar.
I think all these security fixes are fixed in 5.1.6 (but package
maintainer should check this anyway). I doubt that PHP team
doesn't care about security fixes, or forgot something. They just
doesn't release an immediate security patched versions.