SOLVED security update on debian 6
Reading changelogs... Done
php5 (5.3.3-7+squeeze5) squeeze-security; urgency=high
* The following new directives were added as part of security fixes:
- max_input_vars - specifies how many GET/POST/COOKIE input variables
may be accepted. Default value is set to 1000.
- xsl.security_prefs - define forbidden operations within XSLT
stylesheets. Write operations are now disabled by default.
-- Ondřej Surý <ondrej@debian.org>Mon, 23 Jan 2012 12:22:26 +0100
php5 (5.3.3-7+squeeze4) squeeze-security; urgency=low
* Updated blowfish crypt() algorithm fixes the 8-bit character handling
vulnerability (CVE-2011-2483) and adds more self-tests. Unfortunately
this change is incompatible with some old (wrong) generated hashes for
passwords containing 8-bit characters. Therefore the new salt prefix
'$2x/ondrej@debian.org> was introduced which can be used as a replacement for '$2a/ondrej@debian.org>
salt prefix in the password database in case the incompatibility is
found.
-- Ondřej Surý <ondrej@debian.org>Mon, 04 Jul 2011 10:31:16 +0200
/tmp/tmpDFEwf7 (END)</ondrej@debian.org></ondrej@debian.org>
I'm not quite sure what i need to do after this, it just hangs there.
thanks!
John
