Here is a link to an article about the Linux.Darlloz worm in which they said the vulnerability was fixed in May, 2012.
http://www.gmanetwork.com/news/story/337833/scitech/technology/beware-of-new-worm-targeting-linux-pcs-symantec In the gnewsense distro we have php5-cgi 5.3.3-7 +squeeze16(stable-security). I looked at the Debian changelog: http://ftp-master.metadata.debian.org/changelogs//main/p/php5/php5_5.3.3-7+squeeze17_changelog I could not tell which change fixed it, is it the 8 May 2012 fix? _______________________________________________ gNewSense-dev mailing list gNewSense-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/gnewsense-dev