[php-maint] Availability of PHP version 5.3.4 or newer

Bill West bill at destwin.com
Tue Feb 8 14:00:16 UTC 2011


Debian PHP package maintainers,

Thanks for your efforts in supporting PHP on Debian. I apologize if this
email is being sent to the wrong place.

PCIDSS scans on our applications running on Debian PHP/Apache2 are
failing due to security issues related to PHP. Currently the newest
version available from Debian in any distribution including experimental
is 5.3.3-7. 

Here is the relevant part of the problem description from our scan
report:

"Synopsis : The remote web server uses a version of PHP that is affected
by multiple flaws. Description : According to its banner, the version of
PHP 5.3 installed on the remote host is older than 5.3.4. Such versions
may be affected by several security issues ...."

The specific issues are those reported on the PHP.net site for the
corresponding versions, which have apparently been fixed in the PHP
5.3.4 and 5.3.5 releases.

Is there any schedule of when a newer version of PHP for Debian will be
available ? Will it be possible to go directly to PHP 5.3.5 and skip
version 5.3.4 ?

Bill West
-- 
Cell: 877-567-7451
Skype: bill.west9

DESTWIN, LLC.
887 Main Street, Suite D
Monroe, Connecticut  06468-2800
Toll Free: 877-DESTWIN (877-337-8946)
Local: 203-459-0619
FAX: 203-261-5061
sales at destwin.com
http://www.destwin.com

Destwin and "Fuel Dealer Solution" are trademarks of DESTWIN, LLC.






More information about the pkg-php-maint mailing list