[php-maint] squeeze/php 5

Rene Bleisch rene.bleisch at iap.unibe.ch
Mon May 9 09:26:57 UTC 2011

I am administrator of the computer network of an university research group.
Among others we have a webserver hosting our websites (debian-squeeze).

The IT-branch of the university makes an automatical security scan 
(nessus) of all machines of the university detecting possible security 

One of this scans recently revealed, that the php-Version we used 
(5.2.?) had some security holes, therefore we upgraded the server from 
lenny to squeeze, but now the securitiy scan still detects possible 
security holes :-( and indeed php 5.3.3-7 seems to suffer under some 
problems. (I surely don't wanna blame debian, because this are 
bugs/problems of php itself)

My question: are you planning or already working on a new version of the 
debian-squeeze-php package (with php 5.4.), which finally seems to be 
secure (at least in the moment)? If not, I would highly encourage you to 
do so, as it seems really to be an important security issue.

Kind regards

René Bleisch

René Bleisch
Institute of Applied Physics
University of Bern
3012 Bern

Phone: +41 31 631 89 59
Mail: rene.bleisch at iap.unibe.ch

More information about the pkg-php-maint mailing list