On Thu, Feb 28, 2002 at 08:37:45AM -0000, Jeff wrote: > I received this CERT Advisory about 6 hours ago, regarding PHP. > The php website confirms the details: www.php.net > I think this is going to be a problem for us, due to the way > the Debian packaging works - > I guess that the immediate solution in this case is for us to > try to get the unstable Apache 1.3.23 package + an updated > PHP4 4.2.1 package + MySQL, SSL etc to work. mmmm - aint > going to be quick to test this and roll it out into production, > and in the mean time, we have production servers running > a PHP4 that has a now widely known security issue. Oh - and > yes, we could go out of business and not accept data, but > methinks my tenure would be somewhat shortened if I propose > that at our emergency security meeting in an hours time! > Help?
Grab the php4.05 source package, patch and rebuild the package, then distribute. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]