[php-maint] Bug#779153: php5: Please package new upstream version 5.4.38 because of CVE-2015-0273
David Mohr
david at mcbf.net
Tue Feb 24 21:55:29 UTC 2015
Package: php5
Version: 5.4.36-0+deb7u3
Severity: normal
Dear Maintainer,
I'm a little concerned that there doesn't seem to be much activity to
package php 5.4.38 which came out with the following announcement about
a week ago:
"
This release fixes several bugs and addresses CVE-2015-0235 and
CVE-2015-0273. All PHP 5.5 users are encouraged to upgrade to this
version.
"
This affects squeeze as well, but I have no idea if a patch is available
for 5.3.
https://security-tracker.debian.org/tracker/CVE-2015-0273
Is there a particular reason for this delay?
Thanks,
~David
-- System Information:
Debian Release: 7.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.12.20-x86_64-jb1 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages php5 depends on:
ii libapache2-mod-php5 5.4.36-0+deb7u3
ii php5-common 5.4.36-0+deb7u3
ii php5-fpm 5.4.36-0+deb7u3
php5 recommends no packages.
php5 suggests no packages.
-- no debconf information
More information about the pkg-php-maint
mailing list