On Wed, Oct 19, 2011 at 11:54 AM, Jim Lucas <li...@cmsws.com> wrote: > On 10/19/2011 7:00 AM, Jon Watson wrote: > > Hello All, > > > > I am trying to make some sense of this PHP5 security vulnerability notice > > from 18 October 2011: > > > > http://comments.gmane.org/gmane.linux.ubuntu.security.announce/1478 > > <snip>
> This is discussing the packages distributed for Ubuntu X.X. Sounds like > what > you have is your own custom install. If that is the case, the concern may > still > apply, but it is going to be up to you to figure out what the security > issue is > and verify your system in some manor. > Agreed and I guess that is what I am trying to assess. The Ubuntu security notice doesn't go into specifics about the 5.2.x version has the issues other than presumably something earlier than 5.2.4. It would have been most helpful of them to provide some sort of test or at least the full version of the affected release. So, basically hunting around for some confirmation that my version is OK. I also find it odd that there is no accompanying security notice from PHP.net. If this is a security vulnerability in PHP 5 as reported by Canonical, why has PHP.net not released a security notice?
