FS#5174 - Security-Fix for php

Attached to Project: Arch Linux
Opened by Pierre Schmitz (Pierre) - Sunday, 06 August 2006, 13:03 GMT
Last edited by Jan de Groot (JGC) - Wednesday, 30 August 2006, 20:43 GMT
Task Type Bug Report
Category Packages: Current
Status Closed
Assigned To Judd Vinet (judd)
Architecture not specified
Severity High
Priority Normal
Reported Version 0.7.2 Gimmick
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

http://www.hardened-php.net/ are providing some security-patches for current
php-versions. (I do not mean the hardening-patch)

For example the patch
http://www.hardened-php.net/php-5.1.4-security-fix-5.patch.gz fixes some
problems which are not yet fixed by a new release from php.net. More
information at
http://www.hardened-php.net/more_php_442_and_514_security_fixes.121.html

I think we should add the security-patches to our php-package and not wait
until a new release comes out.

I attached a patch for the PKGBUILD which adds the current security-fix. This
PHP-Version is working on archlinux.de without any problems.

Closed by Jan de Groot (JGC)
Sunday, 15 October 2006, 22:14 GMT
Reason for closing: Fixed
Additional comments about closing: These should be fixed in php 5.1.6 by now. PHP 5.1.6-4 contains a security fix for another bug.
Comment by Roman Kyrylych (Romashka) - Friday, 18 August 2006, 07:04 GMT
PHP 5.1.5 released. Does it contain fixes for all security problems, or is this patch still required?
Comment by Pierre Schmitz (Pierre) - Friday, 18 August 2006, 07:24 GMT
I hope so. The changelog seems to be very similar.
Comment by Roman Kyrylych (Romashka) - Thursday, 31 August 2006, 08:42 GMT
I think all these security fixes are fixed in 5.1.6 (but the package maintainer should check this anyway). I doubt that the PHP team doesn't care about security fixes, or forgot something. They just don't release immediate security-patched versions.
