[php-maint] php5: CVE-2011-1092 and CVE-2011-1148

Steven Chamberlain steven at pyro.eu.org
Wed Feb 27 03:43:43 UTC 2013

Dear Security Team,

In the tracker, CVE-2011-1092 and CVE-2011-1148 "in PHP before 5.3.6"
are correctly shown as fixed in 5.3.3-7+squeeze14.  But 5.4.4-13 is
still suggested as being vulnerable.

The upstream changelog for 5.4.4
(/usr/share/doc/php5-common/changelog.gz) indicates that the
corresponding bugs were fixed (#54193 and #54238, according to the NVD).

Here are the specific commits, made to the 5.3 branch, and also to the
SVN trunk which became 5.4.0 alpha 1:


Please kindly mark php5 versions >= 5.4.0 as fixed.

Steven Chamberlain
steven at pyro.eu.org

More information about the pkg-php-maint mailing list