From upstream changelog: "Fixed potential XSS in apc.php (Pierre, Matt Chapman)" I consider this very minor (apc.php is just an additional debugging tool that doesn't get installed anywhere by default), but still we should track it as a security issue. PHP-team, I'd suggest changing the stabilization target in bug #336869 to go with 3.1.4 instead of 3.1.3_p1.
>>> Compiling source in /var/tmp/portage/dev-php5/pecl-apc-3.1.4/work/APC-3.1.4 ...
 * Disabling apc-mmap
 *
 * Using dev-lang/php-5.2.14
 *
 *
 * Using dev-lang/php-5.2.14
 *
 *
 * Using dev-lang/php-5.2.14
 *
 * QA Notice: econf called in src_compile instead of src_configure
 * econf: updating APC-3.1.4/config.sub with /usr/share/gnuconfig/config.sub
 * econf: updating APC-3.1.4/config.guess with /usr/share/gnuconfig/config.guess
x86 stable
amd64 done
ppc done
Can you stable php-5.3.3 for amd64, please? With the combination of dev-php5/pecl-apc-3.1.4 and dev-lang/php-5.2.14, this bug appears: http://pecl.php.net/bugs/bug.php?id=16966
I get this http://pecl.php.net/bugs/bug.php?id=16966 on 5.3.3-pl1-gentoo. Need to find the fix in svn...
http://svn.php.net/viewvc?view=revision&sortby=log&revision=303274
It seems they released a 3.1.6 version, and it's marked as stable: http://pecl.php.net/package/APC/3.1.6 I suggest bumping the version to 3.1.6 and "ditching" 3.1.5 and lower.
Ebuilds for pecl-apc-3.1.6 have been committed to CVS.
pecl-apc-3.1.4 stabled on sparc. Should I close this now?
Thanks, Michael.

(In reply to comment #10)
> pecl-apc-3.1.4 stabled on sparc. Should I close this now?

The security team uses [1] and [2] to manage security bugs. And as such, we handle the closure of all security bugs. That said, closing this [noglsa] since it is a Cross-site Scripting vulnerability.

[1] http://www.gentoo.org/security/en/vulnerability-policy.xml
[2] http://www.gentoo.org/security/en/coordinator_guide.xml