* [gentoo-dev] PHP security status
@ 2007-07-15 13:02 99% Hanno Böck
0 siblings, 0 replies; 1+ results
From: Hanno Böck @ 2007-07-15 13:02 UTC (permalink / raw
To: gentoo-dev; +Cc: Christian Hoffmann, chtekk
[-- Attachment #1: Type: text/plain, Size: 985 bytes --]
Hi,
At the moment, we have a quite problematic situation with the php ebuilds. Due
to various people doing research on php-issues, there has been a vast number
of security issues in the last months (mopb and others).
We still have 5.2.2 in the tree. A user, christian hoffmann, is maintaining
some ebuilds in the php-experimental-overlay. They've, from what I know,
fixed nearly all issues, beside one openbasedir-bypass, where we fail to find
a patch (CVE-2007-3378).
Now, chtekk has been very rarely available lately. chtekk, could you raise
your voice and tell us if you'll be back soon or if we could merge stuff
without you in the meantime.
Christian is doing a quite well job in the overlay. I'd prefer if we could
merge his work into the main tree. I could do that, although I'd prefer to
get some review from other devs. php is a hell to maintain I think.
--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber: jabber@hboeck.de
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2007-07-15 13:02 99% [gentoo-dev] PHP security status Hanno Böck
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox