Gentoo Archives: gentoo-dev

From: "Hanno Böck" <hanno@g.o>
To: gentoo-dev@g.o
Cc: Christian Hoffmann <christian@××××××.info>, chtekk@g.o
Subject: [gentoo-dev] PHP security status
Date: Sun, 15 Jul 2007 13:06:19
1 Hi,
3 At the moment, we have a quite problematic situation with the php ebuilds. Due
4 to various people doing research on php-issues, there has been a vast number
5 of security issues in the last months (mopb and others).
7 We still have 5.2.2 in the tree. A user, christian hoffmann, is maintaining
8 some ebuilds in the php-experimental-overlay. They've, from what I know,
9 fixed nearly all issues, beside one openbasedir-bypass, where we fail to find
10 a patch (CVE-2007-3378).
12 Now, chtekk has been very rarely available lately. chtekk, could you raise
13 your voice and tell us if you'll be back soon or if we could merge stuff
14 without you in the meantime.
15 Christian is doing a quite well job in the overlay. I'd prefer if we could
16 merge his work into the main tree. I could do that, although I'd prefer to
17 get some review from other devs. php is a hell to maintain I think.
19 --
20 Hanno Böck Blog:
21 GPG: 3DBD3B20 Jabber: jabber@××××××.de


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-dev] PHP security status Christian Heim <phreak@g.o>
Re: [gentoo-dev] PHP security status Sune Kloppenborg Jeppesen <jaervosz@g.o>