[Secure-testing-team] PHP bugs: fixed or not?

Francesco Poli frx at firenze.linux.it
Sun Apr 29 21:31:42 UTC 2007


Hi!

I noticed what seems to be an inconsistency between the security bug
tracker[1] and a DSA.
Many PHP5 bugs are still listed by the tracker[2] as present in
unstable, but many of them are claimed to be fixed in version 5.2.0-11
(which is currently in sid) by DSA 1283-1.

For instance, the tracker page for CVE-2007-1700[3] says:

| php5 (PTS)    etch               5.2.0-8+etch1    vulnerable
|               etch (security)    5.2.0-8+etch3    fixed
|               lenny              5.2.0-10         vulnerable
|               sid                5.2.0-11         vulnerable

At the same time, DSA 1283-1[4] claims that this vulnerability is fixed
in version 5.2.0-11.

Who's wrong?  Who's right?  I think all the PHP bugs in the tracker
should be reviewed to check the consistency of the provided information
with DSAs and the BTS...

[1] http://security-tracker.debian.net/tracker/
[2] http://security-tracker.debian.net/tracker/status/release/unstable
[3] http://security-tracker.debian.net/tracker/CVE-2007-1700
[4] http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00039.html


-- 
 http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
 Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12  31B5 78F4 279B DD6D FCF4