Danny, I believe this is a re-issue to cover lenny and sid/wheezy, as the original php5 advisory for this issue was lenny only.
Tomasz

On Mon, Feb 06, 2012 at 08:30:19PM +0100, Danny van der Meulen wrote:
> *sigh*
>
> And here we go once again...
>
> D
>
> On 02/06/2012 08:21 PM, Thijs Kinkhorst wrote:
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >- -------------------------------------------------------------------------
> >Debian Security Advisory DSA-2403-2                   secur...@debian.org
> >http://www.debian.org/security/                          Thijs Kinkhorst
> >February 06, 2012                      http://www.debian.org/security/faq
> >- -------------------------------------------------------------------------
> >
> >Package        : php5
> >Vulnerability  : code injection
> >Problem type   : remote
> >Debian-specific: no
> >CVE ID         : CVE-2012-0830
> >
> >Stefan Esser discovered that the implementation of the max_input_vars
> >configuration variable in a recent PHP security update was flawed such
> >that it allows remote attackers to crash PHP or potentially execute
> >code.
> >
> >This update adds packages for the oldstable distribution, which were
> >missing from the original advisory. The problem has been fixed in
> >version 5.2.6.dfsg.1-1+lenny16, installed into the security archive
> >on 3 Feb 2012.
> >
> >For the stable distribution (squeeze), this problem has been fixed in
> >version 5.3.3-7+squeeze7.
> >
> >For the unstable distribution (sid), this problem has been fixed in
> >version 5.3.10-1.
> >
> >We recommend that you upgrade your php5 packages.
> >
> >Further information about Debian Security Advisories, how to apply
> >these updates to your system and frequently asked questions can be
> >found at: http://www.debian.org/security/
> >
> >Mailing list: debian-security-annou...@lists.debian.org
>
> --
> To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
> Archive: http://lists.debian.org/4f302a4b.90...@ebay.com

--
Tomasz M. Ciolek
*******************************************************************************
tmc at vandradlabs dot com dot au
*******************************************************************************
GPG Key ID: 0x41C4C2F0
GPG Key Fingerprint: 3883 B308 8256 2246 D3ED A1FF 3A1D 0EAD 41C4 C2F0
Key available on good key-servers
*******************************************************************************