[php-maint] php5: CVE-2011-1092 and CVE-2011-1148
Steven Chamberlain
steven at pyro.eu.org
Wed Feb 27 03:43:43 UTC 2013
Dear Security Team,
In the tracker, CVE-2011-1092 and CVE-2011-1148 "in PHP before 5.3.6"
are correctly shown as fixed in 5.3.3-7+squeeze14. But 5.4.4-13 is
still suggested as being vulnerable.
The upstream changelog for 5.4.4
(/usr/share/doc/php5-common/changelog.gz) indicates that the
corresponding bugs were fixed (#54193 and #54238, according to the NVD).
Here are the specific commits, made to the 5.3 branch, and also to the
SVN trunk which became 5.4.0 alpha 1:
http://svn.php.net/viewvc?view=revision&revision=309018
http://svn.php.net/viewvc?view=revision&revision=310194
Please kindly mark php5 versions >= 5.4.0 as fixed.
Thanks,
Regards,
--
Steven Chamberlain
steven at pyro.eu.org
More information about the pkg-php-maint
mailing list