On Mon, Nov 26, 2007 at 06:43:39AM +0100, Remi Collet wrote:
Remi Collet a écrit :
> I agree we should push 1.6.x to F7 (it's a security update because pear
> < 1.5.4 as security issues) but we must ask Joe about this.
There is no need to treat CVE-2007-2519 (the bug fixed in 1.5.4) as
security-sensitive; see
https://bugzilla.redhat.com/show_bug.cgi?id=241218
Notes :
- 1.5.0 to 1.6.2 is not a minor update
- it will need a rebuild of all pecl extension
I'm not sure that's really a good idea then. Doing a 1.5.4 update, if
possible, sounds safer.
joe