[php-maint] Availability of PHP version 5.3.4 or newer

Ondřej Surý ondrej at debian.org
Fri Feb 11 21:33:48 UTC 2011


Again... this has nothing to do with vulnerabilities in the Debian
packages, which are patched (and security patches are backported),
see:

http://security-tracker.debian.org/tracker/source-package/php5

O.

On Fri, Feb 11, 2011 at 22:11, Bill West <bill at destwin.com> wrote:
> List of security vulnerabilities reported by Security Metrics
> (http://www.securitymetrics.com) PCIDSS scan for PHP 5.3.3-7 with status
> from http://security-tracker.debian.org/tracker/source-package/php5 as
> of February 11, 2011.
>
> Status codes:
>
> O Open item
> R Resolved
> X Not listed on security-tracker
>
> ----------------
> cve-2006-7243 O
> cve-2010-2094 R
> cve-2010-2950 O
> cve-2010-3436 X
> cve-2010-3709 O
> cve-2010-3710 O
> cve-2010-3870 O
> cve-2010-4150 O
> cve-2010-4156 R
> cve-2010-4409 R
> cve-2010-4645 O
> cve-2010-4697 O
> cve-2010-4698 X
> cve-2010-4699 O
> cve-2010-4700 O
> cve-2011-0753 X
> cve-2011-0754 X
> cve-2011-0755 O
> ----------------
>
>
> --
> Cell: 877-567-7451
> Skype: bill.west9
>
> DESTWIN, LLC.
> 887 Main Street, Suite D
> Monroe, Connecticut  06468-2800
> Toll Free: 877-DESTWIN (877-337-8946)
> Local: 203-459-0619
> FAX: 203-261-5061
> sales at destwin.com
> http://www.destwin.com
>
> Destwin and "Fuel Dealer Solution" are trademarks of DESTWIN, LLC.
>
>
> -----Original Message-----
> From: Raphael Geissert <geissert at debian.org>
> To: Ondřej Surý <ondrej at debian.org>
> Cc: Bill West <bill at destwin.com>, Mike Lucia <mlucia at destwin.com>,
> pkg-php-maint at lists.alioth.debian.org
> <pkg-php-maint at lists.alioth.debian.org>, wthomas at intinc.com
> <wthomas at intinc.com>
> Subject: Re: [php-maint] Availability of PHP version 5.3.4 or newer
> Date: Tue, 8 Feb 2011 11:33:02 -0500
>
> On 8 February 2011 14:28, Ondřej Surý <ondrej at debian.org> wrote:
>> the 5.3.3-7 is patched to include all security fixes from 5.3.4 and
>> 5.3.5. There's no need to worry.
>
> Some more CVE ids have been assigned recently, but none of them are
> really urgent.
> Enough minor issues have been accumulated, though, so I will work on a
> DSA for later this month.
>
> You can check the status of php5 at all times at (or via the debsecan package):
> http://security-tracker.debian.org/tracker/source-package/php5
>
> (it doesn't yet contain version information from wheezy, so it's
> expected that it says it is "not known to be vulnerable")
>
> Kind regards,
>
>



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/


