[php-maint] Availability of PHP version 5.3.4 or newer

Bill West bill at destwin.com
Fri Feb 11 21:11:43 UTC 2011


List of security vulnerabilities reported by Security Metrics
(http://www.securitymetrics.com) PCIDSS scan for PHP 5.3.3-7 with status
from http://security-tracker.debian.org/tracker/source-package/php5 as
of February 11, 2011.

Status codes:

O Open item
R Resolved
X Not listed on security-tracker

----------------
cve-2006-7243 O
cve-2010-2094 R
cve-2010-2950 O
cve-2010-3436 X
cve-2010-3709 O
cve-2010-3710 O
cve-2010-3870 O
cve-2010-4150 O
cve-2010-4156 R
cve-2010-4409 R
cve-2010-4645 O
cve-2010-4697 O
cve-2010-4698 X
cve-2010-4699 O
cve-2010-4700 O
cve-2011-0753 X
cve-2011-0754 X
cve-2011-0755 O
----------------


-- 
Cell: 877-567-7451
Skype: bill.west9

DESTWIN, LLC.
887 Main Street, Suite D
Monroe, Connecticut  06468-2800
Toll Free: 877-DESTWIN (877-337-8946)
Local: 203-459-0619
FAX: 203-261-5061
sales at destwin.com
http://www.destwin.com

Destwin and "Fuel Dealer Solution" are trademarks of DESTWIN, LLC.


-----Original Message-----
From: Raphael Geissert <geissert at debian.org>
To: Ondřej Surý <ondrej at debian.org>
Cc: Bill West <bill at destwin.com>, Mike Lucia <mlucia at destwin.com>,
pkg-php-maint at lists.alioth.debian.org
<pkg-php-maint at lists.alioth.debian.org>, wthomas at intinc.com
<wthomas at intinc.com>
Subject: Re: [php-maint] Availability of PHP version 5.3.4 or newer
Date: Tue, 8 Feb 2011 11:33:02 -0500

On 8 February 2011 14:28, Ondřej Surý <ondrej at debian.org> wrote:
> the 5.3.3-7 is patched to include all security fixes from 5.3.4 and
> 5.3.5. There's no need to worry.

Some more CVE ids have been assigned recently, but none of them are
really urgent.
Enough minor issues have been accumulated, though, so I will work on a
DSA for later this month.

You can check the status of php5 at all times at (or via the debsecan package):
http://security-tracker.debian.org/tracker/source-package/php5

(it doesn't yet contain version information from wheezy, so it's
expected that it says it is "not known to be vulnerable")

Kind regards,



