* [gentoo-dev] PHP security status
@ 2007-07-15 13:02 Hanno Böck
2007-07-15 13:43 ` Christian Heim
2007-07-15 18:06 ` Sune Kloppenborg Jeppesen
0 siblings, 2 replies; 3+ messages in thread
From: Hanno Böck @ 2007-07-15 13:02 UTC (permalink / raw
To: gentoo-dev; +Cc: Christian Hoffmann, chtekk
[-- Attachment #1: Type: text/plain, Size: 985 bytes --]
Hi,
At the moment, we have a quite problematic situation with the php ebuilds. Due
to various people doing research on php-issues, there has been a vast number
of security issues in the last months (mopb and others).
We still have 5.2.2 in the tree. A user, christian hoffmann, is maintaining
some ebuilds in the php-experimental-overlay. They've, from what I know,
fixed nearly all issues, beside one openbasedir-bypass, where we fail to find
a patch (CVE-2007-3378).
Now, chtekk has been very rarely available lately. chtekk, could you raise
your voice and tell us if you'll be back soon or if we could merge stuff
without you in the meantime.
Christian is doing a quite well job in the overlay. I'd prefer if we could
merge his work into the main tree. I could do that, although I'd prefer to
get some review from other devs. php is a hell to maintain I think.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber: jabber@hboeck.de
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-dev] PHP security status
2007-07-15 13:02 [gentoo-dev] PHP security status Hanno Böck
@ 2007-07-15 13:43 ` Christian Heim
2007-07-15 18:06 ` Sune Kloppenborg Jeppesen
1 sibling, 0 replies; 3+ messages in thread
From: Christian Heim @ 2007-07-15 13:43 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 1392 bytes --]
On Sunday 15 July 2007 15:02:45 Hanno Böck wrote:
> Hi,
>
> At the moment, we have a quite problematic situation with the php ebuilds.
> Due to various people doing research on php-issues, there has been a vast
> number of security issues in the last months (mopb and others).
>
> We still have 5.2.2 in the tree. A user, christian hoffmann, is maintaining
> some ebuilds in the php-experimental-overlay. They've, from what I know,
> fixed nearly all issues, beside one openbasedir-bypass, where we fail to
> find a patch (CVE-2007-3378).
>
> Now, chtekk has been very rarely available lately. chtekk, could you raise
> your voice and tell us if you'll be back soon or if we could merge stuff
> without you in the meantime.
As you might know from his away status (either from IRC or the devaway¹ page),
Luca is currently doing his mandatory military service for his country till
November iirc.
> Christian is doing a quite well job in the overlay. I'd prefer if we could
> merge his work into the main tree. I could do that, although I'd prefer to
> get some review from other devs. php is a hell to maintain I think.
1:http://www.gentoo.org/proj/en/devrel/roll-call/devaway.xml?select=chtekk#chtekk
Regards,
Christian
--
Christian Heim <phreak at gentoo.org>
GPG key ID: 9A9F68E6
Fingerprint: AEC4 87B8 32B8 4922 B3A9 DF79 CAE3 556F 9A9F 68E6
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [gentoo-dev] PHP security status
2007-07-15 13:02 [gentoo-dev] PHP security status Hanno Böck
2007-07-15 13:43 ` Christian Heim
@ 2007-07-15 18:06 ` Sune Kloppenborg Jeppesen
1 sibling, 0 replies; 3+ messages in thread
From: Sune Kloppenborg Jeppesen @ 2007-07-15 18:06 UTC (permalink / raw
To: gentoo-dev
On Sunday 15 July 2007 15:02, Hanno Böck wrote:
> Christian is doing a quite well job in the overlay. I'd prefer if we could
> merge his work into the main tree. I could do that, although I'd prefer to
> get some review from other devs. php is a hell to maintain I think.
Christian just provided an updated, so now would be a good time to give
reviews. More security details on bug 180556¹.
¹ https://bugs.gentoo.org/show_bug.cgi?id=180556
--
Sune Kloppenborg Jeppesen
Gentoo Linux Security Team
--
gentoo-dev@gentoo.org mailing list
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-07-15 18:09 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-07-15 13:02 [gentoo-dev] PHP security status Hanno Böck
2007-07-15 13:43 ` Christian Heim
2007-07-15 18:06 ` Sune Kloppenborg Jeppesen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox