[php-maint] Availability of PHP version 5.3.4 or newer

Sean Finney seanius at debian.org
Sun Feb 13 16:06:49 UTC 2011


Hi Bill,

In case it hasn't already been said, extra eyes on the security status
of our packages are always welcome :)

On Fri, 2011-02-11 at 18:50 -0500, Bill West wrote:
> link for a particular CVE is obvious. Here are the items that are not
> yet fixed. I will review each of these with our security team including
> the firm that performs our independent PCIDSS scans to determine if
> these involve critical vulnerabilities related to payment card
> processing.

You might also want to take a quick look at 

	/usr/share/doc/php5-common/README.Debian.security

which fairly clearly states how we decide whether any given PHP security
issue is worth our time.


	sean

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20110213/3f27ce54/attachment.pgp>


More information about the pkg-php-maint mailing list