[pkg-php-pear] Bug#762644: wheezy-pu: package php-getid3/1.9.3-1+deb7u2

David Prévot taffit at debian.org
Wed Sep 24 01:22:47 UTC 2014


Package: release.debian.org
Severity: normal
Tags: wheezy
X-Debbugs-Cc: pkg-php-pear at lists.alioth.debian.org, team at security.debian.org
User: release.debian.org at packages.debian.org
Usertags: pu

Hi,

Follow-up on #744893 from a few months ago: upstream adopted a better
fix for CVE-2014-2053, to be published in the upcoming 1.9.9 upstream
version. The fix, cherry-picked from the upstream VCS, is included in
the 1.9.8-2 Debian package, just uploaded to Sid.

Since the security team asked to address this via pu instead of a
proper DSA last time, I believe this follow-up won’t deserve a DSA
either (security team X-D-CC in case I’m wrong).

Attached are the debdiff and the actual additional patch.

Regards

David

-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (100, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-------------- next part --------------
A non-text attachment was scrubbed...
Name: php-getid3.diff
Type: text/x-diff
Size: 3682 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20140923/b2e0f5ea/attachment-0001.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-improved-XXE-fix-CVE-2014-2053.patch
Type: text/x-diff
Size: 1378 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20140923/b2e0f5ea/attachment-0001.patch>