[php-maint] php5 testing transition

Thijs Kinkhorst thijs at debian.org
Sun May 6 08:00:42 UTC 2012


On Sat, May 5, 2012 20:49, Adam D. Barratt wrote:
> On Sat, 2012-05-05 at 20:39 +0200, Ondrej Sury wrote:
>> > For some reason I had it in my head that 5.4.2 was the upstream version
>> > with the fixed fix rather than the not-quite fixed fix.
>>
>> I think this is the case (e.g. 5.4.2 is the fixed version).
>
> I assume Thijs was referring to CVE-2012-2311, which covers the fix in
> 5.4.2 being incomplete.

PHP 5.4.2 does not fix the issue. Please see:
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
http://www.php-security.net/archives/9-New-PHP-CGI-exploit-CVE-2012-1823.html
https://twitter.com/i0n1c/status/198158078913417216


Cheers,
Thijs



