[php-maint] Bug#779153: php5: Please package new upstream version 5.4.38 because of CVE-2015-0273

David Mohr david at mcbf.net
Tue Feb 24 21:55:29 UTC 2015

Package: php5
Version: 5.4.36-0+deb7u3
Severity: normal

Dear Maintainer,

I'm a little concerned that there doesn't seem to be much activity to
package php 5.4.38 which came out with the following announcement about
a week ago:

This release fixes several bugs and addresses CVE-2015-0235 and
CVE-2015-0273. All PHP 5.5 users are encouraged to upgrade to this

This affects squeeze as well, but I have no idea if a patch is available
for 5.3.


Is there a particular reason for this delay?


-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.12.20-x86_64-jb1 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5 depends on:
ii  libapache2-mod-php5  5.4.36-0+deb7u3
ii  php5-common          5.4.36-0+deb7u3
ii  php5-fpm             5.4.36-0+deb7u3

php5 recommends no packages.

php5 suggests no packages.

-- no debconf information

More information about the pkg-php-maint mailing list