[php-maint] squeeze/php 5
rene.bleisch at iap.unibe.ch
Mon May 9 09:26:57 UTC 2011
I am administrator of the computer network of an university research group.
Among others we have a webserver hosting our websites (debian-squeeze).
The IT-branch of the university makes an automatical security scan
(nessus) of all machines of the university detecting possible security
One of this scans recently revealed, that the php-Version we used
(5.2.?) had some security holes, therefore we upgraded the server from
lenny to squeeze, but now the securitiy scan still detects possible
security holes :-( and indeed php 5.3.3-7 seems to suffer under some
problems. (I surely don't wanna blame debian, because this are
bugs/problems of php itself)
My question: are you planning or already working on a new version of the
debian-squeeze-php package (with php 5.4.), which finally seems to be
secure (at least in the moment)? If not, I would highly encourage you to
do so, as it seems really to be an important security issue.
Institute of Applied Physics
University of Bern
Phone: +41 31 631 89 59
Mail: rene.bleisch at iap.unibe.ch
More information about the pkg-php-maint