[blfs-dev] Upcoming BLFS-7.5 release : security issues
pierre.labastie at neuf.fr
Mon Mar 3 14:25:24 PST 2014
Le 03/03/2014 22:52, Bruce Dubbs a écrit :
> Pierre Labastie wrote:
>> Two points, which I'd like to raise before the release:
>> 1. MIT Kerberos:
>> You may remember that I had some difficulty with tests in MIT Kerberos. I
>> reported upstream and this lead to the following two commits:
>> I do not know whether it may be considered a security issue, but since it
>> makes the database code loop forever, I guess it could...
>> If you are OK, I can make a patch and update the instructions.
> Absolutely. Please do that.
>> 2. PHP fileinfo extension:
>> An issue has been discovered in the libmagic code
>> See also http://mx.gw.com/pipermail/file/2014/001327.html
>> It is corrected in file 5.17, but PHP ships a modified version of libmagic,
>> which is also affected. It is used in the fileinfo extension. Upstream has
>> corrected this on Feb 18, so after the last stable release. See the commit at:
>> (put on one line)
>> I have not had time to investigate more. Is fileinfo extension built in our build?
> I haven't built php lately, but from my log of an older version, I'd say
> -- Bruce
Shall make both patches, and update instructions tomorrow (getting late here),
while you'll be sleeping on the other side of the pond...
More information about the blfs-dev