[php-maint] squeeze/php 5

Ondřej Surý ondrej at debian.org
Mon May 9 09:48:40 UTC 2011


Hi Rene,

a) please be specific and don't believe checks based purely on version numbers
b) please read php5 changelog, many CVEs are already fixed
c) you can also check:
http://security-tracker.debian.org/tracker/source-package/php5
d) there is no php 5.4
e) no, we don't plan to upload new versions to squeeze, just fix security bugs.

O.

On Mon, May 9, 2011 at 11:26, Rene Bleisch <rene.bleisch at iap.unibe.ch> wrote:
> Hi,
> I am the administrator of the computer network of a university research group.
> Among others we have a webserver hosting our websites (debian-squeeze).
>
> The IT branch of the university runs an automatic security scan (nessus)
> of all machines of the university, detecting possible security holes.
>
> One of these scans recently revealed that the php version we used (5.2.?)
> had some security holes, therefore we upgraded the server from lenny to
> squeeze, but now the security scan still detects possible security holes
> :-( and indeed php 5.3.3-7 seems to suffer from some problems. (I surely
> don't wanna blame debian, because these are bugs/problems of php itself)
>
> My question: are you planning or already working on a new version of the
> debian-squeeze-php package (with php 5.4.), which finally seems to be secure
> (at least at the moment)? If not, I would highly encourage you to do so, as
> it seems really to be an important security issue.
>
> Kind regards
>
> René Bleisch
>
> --
> René Bleisch
> Institute of Applied Physics
> University of Bern
> Sidlerstr.5
> 3012 Bern
> Switzerland
>
> Phone: +41 31 631 89 59
> Mail: rene.bleisch at iap.unibe.ch



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/
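
An added example, not part of the original message or of the Debian packaging: one way to act on points a) and b) is to take the CVE ids a scanner reports from the upstream version string and look each one up in the package changelog. The function names, the sample changelog, the placeholder CVE ids and the `+demoN` versions are all constructed for illustration.

```python
import re

# Debian changelog entry header, e.g. "php5 (5.3.3-7) unstable; urgency=low"
HEADER = re.compile(r"^[a-z0-9][a-z0-9+.-]* \((?P<ver>[^)]+)\) ")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample: CVE ids are placeholders and the "+demoN" versions are
# invented. On a real host the text would come from the package's
# changelog.Debian.gz under /usr/share/doc/ (read with gzip.open(path, "rt")).
SAMPLE_CHANGELOG = """\
php5 (5.3.3-7+demo2) stable-security; urgency=high

  * Fix regression introduced by the CVE-0000-1002 patch.

 -- Example Maintainer <maint@example.org>  Mon, 03 Jan 2011 00:00:00 +0000

php5 (5.3.3-7+demo1) stable-security; urgency=high

  * Backport upstream fixes for CVE-0000-1001 and CVE-0000-1002.

 -- Example Maintainer <maint@example.org>  Sat, 01 Jan 2011 00:00:00 +0000

php5 (5.3.3-7) unstable; urgency=low

  * Constructed entry without security fixes.

 -- Example Maintainer <maint@example.org>  Wed, 01 Dec 2010 00:00:00 +0000
"""

def fixed_cves(changelog_text):
    """Map each CVE id in the changelog to the oldest package version naming it."""
    fixed, version = {}, None
    for line in changelog_text.splitlines():
        header = HEADER.match(line)
        if header:
            version = header.group("ver")
        elif version is not None:
            for cve in CVE.findall(line):
                # Entries are newest-first, so the last write is the first fix.
                fixed[cve] = version
    return fixed

def triage(scanner_cves, changelog_text):
    """Return {cve: fixing package version, or None if the changelog is silent}."""
    fixed = fixed_cves(changelog_text)
    return {cve: fixed.get(cve) for cve in scanner_cves}

if __name__ == "__main__":
    reported = ["CVE-0000-1001", "CVE-0000-1002", "CVE-0000-1003"]
    for cve, version in triage(reported, SAMPLE_CHANGELOG).items():
        print(cve, "fixed in " + version if version else "not in changelog")
```

A `None` result only means the changelog does not mention the id; the security tracker page linked in c) is the place to confirm whether the package is affected.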


