| Summary: | PHP 5.6.11 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | brtians1, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/653505/ | ||
| Whiteboard: | has_procedure advisory MGA5-64-OK MGA5-32-OK | ||
| Source RPM: | php-5.6.10-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
| Attachments: | Test case I used. you can change the name of the file to any text doc | ||
|
Description
David Walser
2015-07-12 02:34:21 CEST
I could install and try some rudimentary programs. I'm not a PHP guy, but it looks fairly simple, other than installing a webserver, a database and getting them all linked together. CC:
(none) =>
brtians1 well I did something wrong. Suggestions? 4 installation transactions failed There was a problem during the installation: php-dom is needed by php-xmlreader-3:5.6.11-1.mga5.x86_64 php-ctype >= 3:5.6.11 is needed by apache-mod_php-3:5.6.11-1.mga5.x86_64 php-hash >= 3:5.6.11 is needed by apache-mod_php-3:5.6.11-1.mga5.x86_64 php-posix >= 3:5.6.11 is needed by apache-mod_php-3:5.6.11-1.mga5.x86_64 php-session >= 3:5.6.11 is needed by apache-mod_php-3:5.6.11-1.mga5.x86_64 The best way to update is to have php installed, enable updates_testing, update the media (urpmi.update -a or equivalent), make sure updates_testing is marked as an update medium (have to edit /etc/urpmi/urpmi.cfg and add an "update" line for that one), run MageiaUpdate, and make sure all of the 5.6.11-1.mga5 packages are checked (uncheck everything else) and let it update them all. Trying to update them piecemeal will just result in some of the not getting updated, which doesn't work. that's what I did. I'll run the urmpi.update -a again and try again. the second round worked. I verified version of php and ran the hello world routine through apache. Seems to be all tying together. I'll mess with it some more when I have a moment. Brian I tested php Bug #69732 and also tested file reads, by reading a Project Gutenberg Etext of Heart of Darkness into a web-page. I have not tested all functions, but from what I can tell php 5.6.11 is working as designed. I'll post this patch is okay. Whiteboard:
(none) =>
MGA5-64-OK Installed on MGA5 I586 VM. Ran tests for apache and php. Working as designed. Whiteboard:
MGA5-64-OK =>
MGA5-64-OK MGA5-32-OK Created attachment 6877 [details]
Test case I used. you can change the name of the file to any text doc
Advisory needed for this one David please. Indeed, thanks Claire. I haven't seen any clarification on CVEs anywhere, so just a general advisory for now. Advisory: ======================== Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.11, fixing several bugs and security issues. See the upstream Changelog for more details. References: http://php.net/ChangeLog-5.php#5.6.11 Well done Brian for the testing. We normally use various webapps eg. wordpress, moodle, mediawiki, phpmyadmin etc Advisory uploaded. Validating. Please push to 5 updates Thanks Whiteboard:
MGA5-64-OK MGA5-32-OK =>
has_procedure advisory MGA5-64-OK MGA5-32-OK An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0303.html Status:
NEW =>
RESOLVED
David Walser
2015-08-04 22:33:13 CEST
URL:
(none) =>
http://lwn.net/Vulnerabilities/653505/ |