[tinysofa-devel] classic 2.0 update 5 plan
Jaakko Heinonen
jh at tinysofa.org
Wed May 10 16:53:18 UTC 2006
On 2006-05-10, Mikael Bak wrote:
> There have been some new php releases fixing security issues the last couple
> of days:
>
> I don't know if there is a patch against 5.0.4. I didn't find one. Also I
> don't know if it's a good idea to swap php version to 5.1.4 when releasing an
> update 5 :-) perhaps not. But on the other hand, browsing the changelog, I
> don't really see why updating to the latest php version would break anything.
> But I'm probably not the right man to tell.
Yes, I am aware of this. Actually I have checked 5.1.4 but upgrading to
it is not trivial. They have changed things for it. (For example pear
packaging.)
Fedora Core 4 is missing too fixes for their 5.0.4. I assume because
backporting the fixes is not easy.
Seems that Suse has backported fixes for following recent CVEs:
CVE-2006-0207
CVE-2006-0208
CVE-2006-0996
CVE-2006-1490
CVE-2006-1494
CVE-2006-1608
I'll try to get the patches from their package unless someone wants to
package and test 5.1.4.
--
Jaakko
More information about the Tinysofa-devel
mailing list