[blfs-dev] Upcoming BLFS-7.5 release : security issues
bruce.dubbs at gmail.com
Mon Mar 3 13:52:20 PST 2014
Pierre Labastie wrote:
> Two points, which I'd like to raise before the release:
> 1. MIT Kerberos:
> You may remember that I had some difficulty with tests in MIT Kerberos. I
> reported upstream and this led to the following two commits:
> I do not know whether it may be considered a security issue, but since it
> makes the database code loop forever, I guess it could...
> If you are OK, I can make a patch and update the instructions.
Absolutely. Please do that.
> 2. PHP fileinfo extension:
> An issue has been discovered in the libmagic code
> See also http://mx.gw.com/pipermail/file/2014/001327.html
> It is corrected in file 5.17, but PHP ships a modified version of libmagic,
> which is also affected. It is used in the fileinfo extension. Upstream has
> corrected this on Feb 18, so after the last stable release. See the commit at:
> (put on one line)
> I have not had time to investigate more. Is fileinfo extension built in our build?
I haven't built php lately, but from my log of an older version, I'd say