Package: php5-common Version: 5.3.3-7+squeeze3 Severity: serious Tags: security X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org --- Please enter the report below this line. --- When i try to update php5-common and related packages, from Version: 5.3.3-7+squeeze3 to 5.3.3-7+squeeze7, i get the following info: WARNING: terminal is not fully functional/tmp/tmpcnqGaJ (press RETURN). After pressing return, the following is displayed: php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high * The following new directives were added as part of security fixes: - max_input_vars - specifies how many GET/POST/COOKIE input variables may be accepted. Default value is set to 1000. - xsl.security_prefs - define forbidden operations within XSLT stylesheets. Write operations are now disabled by default. -- Ond?ej Sur? <ondrej at debian.org> Mon, 23 Jan 2012 12:22:26 +0100 php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low * Updated blowfish crypt() algorithm fixes the 8-bit character handling vulnerability (CVE-2011-2483) and adds more self-tests. Unfortunately this change is incompatible with some old (wrong) generated hashes for passwords containing 8-bit characters. Therefore the new salt prefix ''$2x$'' was introduced which can be used as a replacement for ''$2a$'' salt prefix in the password database in case the incompatibility is found. -- Ond?ej Sur? <ondrej at debian.org> Mon, 04 Jul 2011 10:31:16 +0200/tmp/tmp2PNfKm (END) The terminal hangs and nothing is udated. Same with apt and synaptic. --- System information. --- Architecture: amd64 Kernel: Linux 2.6.32-5-amd64 Debian Release: 6.0.4 500 stable-updates mirror.switch.ch 500 stable security.debian.org 500 stable mirror.switch.ch --- Package information. --- Depends (Version) | Installed ========================-+-============sed (>= 4.1.1-1) | 4.2.1-7 libc6 (>= 2.4) | 2.11.3-2 Recommends (Version) | Installed ===========================-+-==========php5-suhosin | 0.9.32.1-1 Package''s Suggests field is empty.