On Wed, February 27, 2013 04:43, Steven Chamberlain wrote: > Dear Security Team, > > In the tracker, CVE-2011-1092 and CVE-2011-1148 "in PHP before 5.3.6" > are correctly shown as fixed in 5.3.3-7+squeeze14. But 5.4.4-13 is > still suggested as being vulnerable. > > The upstream changelog for 5.4.4 > (/usr/share/doc/php5-common/changelog.gz) indicates that the > corresponding bugs were fixed (#54193 and #54238, according to the NVD). > > Here are the specific commits, made to the 5.3 branch, and also to the > SVN trunk which became 5.4.0 alpha 1: > > http://svn.php.net/viewvc?view=revision&revision=309018 > http://svn.php.net/viewvc?view=revision&revision=310194 > > Please kindly mark php5 versions >= 5.4.0 as fixed.
Thanks, confirmed and done. They we're probably not tracked earlier because we don't consider them important issues. Cheers, Thijs -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/3617bee7ea763c0c405857e1e72632a3.squir...@aphrodite.kinkhorst.nl