public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download: 
* [gentoo-dev] PHP security status
@ 2007-07-15 13:02 99% Hanno Böck
  0 siblings, 0 replies; 1+ results
From: Hanno Böck @ 2007-07-15 13:02 UTC (permalink / raw
  To: gentoo-dev; +Cc: Christian Hoffmann, chtekk

[-- Attachment #1: Type: text/plain, Size: 985 bytes --]

Hi,

At the moment, we have a quite problematic situation with the php ebuilds. Due 
to various people doing research on php-issues, there has been a vast number 
of security issues in the last months (mopb and others).

We still have 5.2.2 in the tree. A user, christian hoffmann, is maintaining 
some ebuilds in the php-experimental-overlay. They've, from what I know, 
fixed nearly all issues, beside one openbasedir-bypass, where we fail to find 
a patch (CVE-2007-3378).

Now, chtekk has been very rarely available lately. chtekk, could you raise 
your voice and tell us if you'll be back soon or if we could merge stuff 
without you in the meantime.
Christian is doing a quite well job in the overlay. I'd prefer if we could 
merge his work into the main tree. I could do that, although I'd prefer to 
get some review from other devs. php is a hell to maintain I think.

-- 
Hanno Böck		Blog:   http://www.hboeck.de/
GPG: 3DBD3B20		Jabber: jabber@hboeck.de

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2007-07-15 13:02 99% [gentoo-dev] PHP security status Hanno Böck

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox