[php-maint] Bug#704764: php5: CVE-2011-1398 results in PCI compliance scan fail
Ronny Adsetts
ronny.adsetts at amazinginternet.com
Fri Apr 5 15:37:00 UTC 2013
Package: php5
Version: 5.3.3-7+squeeze15
Severity: important
CVE-2011-1398 is unfixed in Debian Squeeze and is classified by Trustwave.com
as a PCI compliance scan fail. As far as I can tell there's no way to mitigate
the problem short of building my own packages with upstream patches. I'm not
sure that this is within my capabilities as the initial fixes for this issue
were, I think, incomplete and resulted in CVE-2012-4388.
I've searched the Debian bugs for PHP and can't find reference to this issue.
Is there a chance that CVE-2011-1398 (and therefore CVE-2012-4388) will be
fixed for Debian Squeeze with a security release?
Thanks.
Ronny
-- System Information:
Debian Release: 6.0.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php5 depends on:
ii libapache2-mod-php5 5.3.3-7+squeeze15 server-side, HTML-embedded scripti
ii php5-common 5.3.3-7+squeeze15 Common files for packages built fr
php5 recommends no packages.
php5 suggests no packages.
-- no debconf information