php package for FC1
James Kosin
jkosin at beta.intcomgrp.com
Wed Nov 9 23:19:33 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Jesse Keating wrote:
>On Wed, 2005-11-09 at 18:03 -0500, James Kosin wrote:
>
>>Here is my build source for a possible fix for several security issues
>>with PHP and FC1.
>>Can you review it? Make sure I didn't break anything.
>>
>>http://support.intcomgrp.com/mirror/fedora-core/beta/src/php-4.3.11-1.fc1.3.legacy.src.rpm
>>
>>Thanks,
>>James Kosin
>>
>
>It would be best if you posted it to the list/bugzilla. Did you follow
>the guidlines for Legacy packages? I don't have a lot of free time to
>check this out, that is why I was asking the community to.
>
Jesse,
Ok... I'm CC'ing the list on this one also.
I've built a SRPM for several php vulnorablilities.
(CAN-2005-2498) by replacing the XML_RPC tar file with the latest
from the FC3 release.
I'm going to assume this is legal per the packaging guidelines.
Someone let me know if not.
(CVE-2005-3353, 3388, 3389 and 3390) directly from the FC3 patches.
The FC3 version is basically identical in content as the FC1 version.
So, I'm not adding anything than whet FC3 has fixed in the latest release.
My box in in the process of compiling the binary files. It will not
be finised as of this email.
The source file is here for those fedora-legacy packagers to test and QA.
http://support.intcomgrp.com/mirror/fedora-core/beta/src/php-4.3.11-1.fc1.3.legacy.src.rpm
Thanks,
James Kosin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDcoQFkNLDmnu1kSkRA2uZAJ4wSvnasQMs099k9KAIOZ632p2JPACffav2
IMMvSVLg9M1Zvt7pWRJRMXg=
=T/ar
-----END PGP SIGNATURE-----
--
Scanned by ClamAV - http://www.clamav.net
More information about the fedora-legacy-list
mailing list