[Secure-testing-team] PHP bugs: fixed or not?
Francesco Poli
frx at firenze.linux.it
Mon Apr 30 17:18:27 UTC 2007
On Mon, 30 Apr 2007 11:23:25 +0200 Florian Weimer wrote:
> * Francesco Poli:
>
> > At the same time, DSA 1283-1[4] claims that this vulnerability is
> > fixed in version 5.2.0-11.
>
> I've looked at the source package, and the patch is contained in it
> and also applied. So I've corrected the tracker to indicate that
> 5.2.0-11 is indeed fixed.
>
> Thanks for reporting this inconsistency.
You're welcome! ;-)
What about the other PHP vulnerabilities?
The following ones are claimed to be fixed for sid in php5 version
5.2.0-11 by DSA 1283-1, but are still considered unfixed in sid by the
tracker:
CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454
CVE-2007-1521 CVE-2007-1583 CVE-2007-1711 CVE-2007-1718 CVE-2007-1824
CVE-2007-1887 CVE-2007-1889 CVE-2007-1900
The following ones are claimed to be fixed for sid in php4 version
4.4.6-1 by DSA 1282-1, but are still considered unfixed in sid by the
tracker:
CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1711 CVE-2007-1718
CVE-2007-1777
--
http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070430/456fc23c/attachment.pgp
More information about the Secure-testing-team
mailing list