[php-maint] squeeze/php 5
ondrej at debian.org
Mon May 9 09:48:40 UTC 2011
a) please be specific and don't believe checks based on purely version numbers
b) please read php5 changelog, many CVEs are already fixed
c) you can also check:
d) there is no php 5.4
e) no we don't plan to upload new versions to squeeze, just fix security bugs.
On Mon, May 9, 2011 at 11:26, Rene Bleisch <rene.bleisch at iap.unibe.ch> wrote:
> I am administrator of the computer network of an university research group.
> Among others we have a webserver hosting our websites (debian-squeeze).
> The IT-branch of the university makes an automatical security scan (nessus)
> of all machines of the university detecting possible security holes.
> One of this scans recently revealed, that the php-Version we used (5.2.?)
> had some security holes, therefore we upgraded the server from lenny to
> squeeze, but now the securitiy scan still detects possible security holes
> :-( and indeed php 5.3.3-7 seems to suffer under some problems. (I surely
> don't wanna blame debian, because this are bugs/problems of php itself)
> My question: are you planning or already working on a new version of the
> debian-squeeze-php package (with php 5.4.), which finally seems to be secure
> (at least in the moment)? If not, I would highly encourage you to do so, as
> it seems really to be an important security issue.
> Kind regards
> René Bleisch
> René Bleisch
> Institute of Applied Physics
> University of Bern
> 3012 Bern
> Phone: +41 31 631 89 59
> Mail: rene.bleisch at iap.unibe.ch
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
Ondřej Surý <ondrej at sury.org>
More information about the pkg-php-maint