[php-maint] Availability of PHP version 5.3.4 or newer
Bill West
bill at destwin.com
Fri Feb 11 21:11:43 UTC 2011
List of security vulneribilities reported by Security Metrics
(http://www.securitymetrics.com) PCIDSS scan for PHP 5.3.3-7 with status
from http://security-tracker.debian.org/tracker/source-package/php5 as
of February 11, 2011.
Status codes:
O Open item
R Resolved
X Not listed on security-tracker
----------------
cve-2006-7243 O
cve-2010-2094 R
cve-2010-2950 O
cve-2010-3436 X
cve-2010-3709 O
cve-2010-3710 O
cve-2010-3870 O
cve-2010-4150 O
cve-2010-4156 R
cve-2010-4409 R
cve-2010-4645 O
cve-2010-4697 O
cve-2010-4698 X
cve-2010-4699 O
cve-2010-4700 O
cve-2011-0753 X
cve-2011-0754 X
cve-2011-0755 O
----------------
--
Cell: 877-567-7451
Skype: bill.west9
DESTWIN, LLC.
887 Main Street, Suite D
Monroe, Connecticut 06468-2800
Toll Free: 877-DESTWIN (877-337-8946)
Local: 203-459-0619
FAX: 203-261-5061
sales at destwin.com
http://www.destwin.com
Destwin and "Fuel Dealer Solution" are trademarks of DESTWIN, LLC.
-----Original Message-----
From: Raphael Geissert <geissert at debian.org>
To: Ondřej Surý <ondrej at debian.org>
Cc: Bill West <bill at destwin.com>, Mike Lucia <mlucia at destwin.com>,
pkg-php-maint at lists.alioth.debian.org
<pkg-php-maint at lists.alioth.debian.org>, wthomas at intinc.com
<wthomas at intinc.com>
Subject: Re: [php-maint] Availability of PHP version 5.3.4 or newer
Date: Tue, 8 Feb 2011 11:33:02 -0500
On 8 February 2011 14:28, Ondřej Surý <ondrej at debian.org> wrote:
> the 5.3.3-7 is patched to include all security fixes from 5.3.4 and
> 5.3.5. There's no need to worry.
Some more CVE ids have been assigned recently, but none of them are
really urgent.
Enough minor issues have been accumulated, though, so I will work on a
DSA for later this month.
You can check the status of php5 at all times at (or via the debsecan package):
http://security-tracker.debian.org/tracker/source-package/php5
(it doesn't yet contain version information from wheezy, so it's
expected that it says it is "not known to be vulnerable")
Kind regards,
More information about the pkg-php-maint
mailing list