| Summary: | <dev-lang/php-{5.5.32,5.6.18,7.0.3}: Multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Tomáš Mózes <hydrapolic> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | php-bugs |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | A3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 577376 | | |
| Bug Blocks: | 574238 | | |

Description
Tomáš Mózes
2016-02-05 06:01:51 UTC
Thanks, let's include php-7.0.3 in this too:
http://www.php.net/ChangeLog-7.php#7.0.3

Fixed versions are in the tree:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1bd543020b616c0cec56007ee7b2c3c4900b9f7

Thank you Michael. I've been using 5.6.18 for several days on a production server. Works fine for me. Any plans for stabilization?

Arches, please stabilize:
=dev-lang/php-5.5.32
stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

=dev-lang/php-5.6.18
stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

no
>>> Creating Manifest for /home/zlogene/gentoo/dev-lang/php
dependency.bad [fatal] 28
dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/gnome)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/gnome)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/gnome/systemd)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/gnome/systemd)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/kde)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/kde)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: DEPEND: amd64(default/linux/amd64/13.0/desktop/kde/systemd)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']
dev-lang/php/php-5.6.18.ebuild: RDEPEND: amd64(default/linux/amd64/13.0/desktop/kde/systemd)
['>=app-eselect/eselect-php-0.9.1[apache2?,fpm?]']

(In reply to Kristian Fiskerstrand from comment #5)
> Arches, please stabilize:
> =dev-lang/php-5.5.32
> stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
>
> =dev-lang/php-5.6.18
> stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

this also requires
=app-eselect/eselect-php-0.9.1
stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

(In reply to Kristian Fiskerstrand from comment #7)
>
> this also requires
> =app-eselect/eselect-php-0.9.1
> stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Yeah, sorry -- I fixed two bugs in revisions of 5.6.17 and 7.0.2 by adding calls to "eselect cleanup..." in pkg_postinst(). To do that I wanted to be sure I had a version of eselect-php that I trust to cleanup.

Stabilizing eselect-php-0.9.1 is going to introduce the -DPHP change to stable users, but,

1) It's going to happen eventually.
2) I believe we're fully backwards compatible now (see the news item discussion on -dev).

So all things considered, I think eselect-php-0.9.1 can be stabilized too. I would have liked it to sit in ~arch a little longer, but find me 30 days where PHP doesn't have a security bug...

Stable on alpha.

amd64 stable

Stable for HPPA PPC64.

@arches, please stabilize.

x86 stable

ppc stable

sparc stable

ia64 stable

This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F).