[Secure-testing-team] PHP bugs: fixed or not?
Francesco Poli
frx at firenze.linux.it
Tue May 1 09:43:21 UTC 2007
On Tue, 1 May 2007 01:49:38 +0200 Moritz Muehlenhoff wrote:
> sean finney wrote:
[...]
> > i *think* CVE-2007-1711 is already fixed in the version of the patch
> > we have for CVE-2007-0910. are you basing your finding on looking
> > at the patch/changelog, or have you confirmed it's actually
> > vulnerable? my test poc doesn't seem to work anyway.
>
> Are we talking about php5? CVE-2007-1711 is php4 only.
php4 only?
Then why is it listed in DSA 1283-1, which is about php5?
--
http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
Need to read a Debian testing installation walk-through?
..................................................... Francesco Poli .
GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070501/b4f0ab27/attachment.pgp
More information about the Secure-testing-team
mailing list