public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] PHP security status
@ 2007-07-15 13:02 Hanno Böck
  2007-07-15 13:43 ` Christian Heim
  2007-07-15 18:06 ` Sune Kloppenborg Jeppesen
  0 siblings, 2 replies; 3+ messages in thread
From: Hanno Böck @ 2007-07-15 13:02 UTC (permalink / raw
  To: gentoo-dev; +Cc: Christian Hoffmann, chtekk

Hi,

At the moment, we have a quite problematic situation with the php ebuilds. Due 
to various people doing research on php-issues, there has been a vast number 
of security issues in the last months (mopb and others).

We still have 5.2.2 in the tree. A user, Christian Hoffmann, is maintaining
some ebuilds in the php-experimental-overlay. They've, from what I know,
fixed nearly all issues, besides one openbasedir-bypass, where we fail to find
a patch (CVE-2007-3378).

Now, chtekk has been very rarely available lately. chtekk, could you raise 
your voice and tell us if you'll be back soon or if we could merge stuff 
without you in the meantime.
Christian is doing quite a good job in the overlay. I'd prefer if we could
merge his work into the main tree. I could do that, although I'd prefer to 
get some review from other devs. php is a hell to maintain I think.

-- 
Hanno Böck		Blog:   http://www.hboeck.de/
GPG: 3DBD3B20		Jabber: jabber@hboeck.de


* Re: [gentoo-dev] PHP security status
  2007-07-15 13:02 [gentoo-dev] PHP security status Hanno Böck
@ 2007-07-15 13:43 ` Christian Heim
  2007-07-15 18:06 ` Sune Kloppenborg Jeppesen
  1 sibling, 0 replies; 3+ messages in thread
From: Christian Heim @ 2007-07-15 13:43 UTC (permalink / raw
  To: gentoo-dev

On Sunday 15 July 2007 15:02:45 Hanno Böck wrote:
> Hi,
>
> At the moment, we have a quite problematic situation with the php ebuilds.
> Due to various people doing research on php-issues, there has been a vast
> number of security issues in the last months (mopb and others).
>
> We still have 5.2.2 in the tree. A user, Christian Hoffmann, is maintaining
> some ebuilds in the php-experimental-overlay. They've, from what I know,
> fixed nearly all issues, besides one openbasedir-bypass, where we fail to
> find a patch (CVE-2007-3378).
>
> Now, chtekk has been very rarely available lately. chtekk, could you raise
> your voice and tell us if you'll be back soon or if we could merge stuff
> without you in the meantime.

As you might know from his away status (either from IRC or the devaway¹ page), 
Luca is currently doing his mandatory military service for his country till 
November iirc.

> Christian is doing quite a good job in the overlay. I'd prefer if we could
> merge his work into the main tree. I could do that, although I'd prefer to
> get some review from other devs. php is a hell to maintain I think.

¹ http://www.gentoo.org/proj/en/devrel/roll-call/devaway.xml?select=chtekk#chtekk

Regards,

   Christian

-- 
Christian Heim <phreak at gentoo.org>
GPG key ID: 9A9F68E6
Fingerprint: AEC4 87B8 32B8 4922 B3A9 DF79 CAE3 556F 9A9F 68E6


* Re: [gentoo-dev] PHP security status
  2007-07-15 13:02 [gentoo-dev] PHP security status Hanno Böck
  2007-07-15 13:43 ` Christian Heim
@ 2007-07-15 18:06 ` Sune Kloppenborg Jeppesen
  1 sibling, 0 replies; 3+ messages in thread
From: Sune Kloppenborg Jeppesen @ 2007-07-15 18:06 UTC (permalink / raw
  To: gentoo-dev

On Sunday 15 July 2007 15:02, Hanno Böck wrote:
> Christian is doing quite a good job in the overlay. I'd prefer if we could
> merge his work into the main tree. I could do that, although I'd prefer to
> get some review from other devs. php is a hell to maintain I think.
Christian just provided an update, so now would be a good time to give
reviews. More security details on bug 180556¹.

¹ https://bugs.gentoo.org/show_bug.cgi?id=180556
-- 
Sune Kloppenborg Jeppesen
Gentoo Linux Security Team
--
gentoo-dev@gentoo.org mailing list


