[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1
Thanks for the additional info, Micah. Looking at that log, it's clear that the security updates/patches already available do handle the *actual* security issues that PHP 5.3.6 addresses. What it doesn't do is change the server's response header; the automated PCI compliance test simply parses PHP/5.3.5-1ubuntu7.2 and sees that 5.3.5 < 5.3.6, so it fails the server for those latest vulnerabilities. Thus, having a 5.3.6 version of PHP would be helpful. I will use our PCI test provider's dispute form for those patched vulnerabilities and see what happens.

--
You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/819587
Title: Please backport PHP 5.3.6-13ubuntu1
To manage notifications about this bug go to: https://bugs.launchpad.net/natty-backports/+bug/819587/+subscriptions
--
ubuntu-backports mailing list
ubuntu-backports@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-backports
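An added example, not part of the thread and not any scanner's actual code: it contrasts the banner-only comparison described in the message above with a check against the CVE ids named in the installed package's changelog, which is the kind of evidence a dispute form asks for. The CVE ids, the fixed-in list and the changelog text are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample data: placeholder CVE ids, not the real PHP 5.3.6 fix list.
BANNER = "PHP/5.3.5-1ubuntu7.2"  # version string quoted in the message above
FIXED_UPSTREAM = {"CVE-XXXX-0001": "5.3.6", "CVE-XXXX-0002": "5.3.6",
                  "CVE-XXXX-0003": "5.3.6"}
# Constructed changelog text in Debian changelog layout (assumed to be the
# installed package's own changelog, newest stanza first).
CHANGELOG = """\
php5 (5.3.5-1ubuntu7.2) natty-security; urgency=low
  * SECURITY UPDATE: placeholder entry
    - CVE-XXXX-0001
    - CVE-XXXX-0002
php5 (5.3.5-1ubuntu7) natty; urgency=low
  * Placeholder entry with no security fixes.
"""

def parse_banner(banner):
    """Split the banner into an upstream version tuple and the distro revision."""
    m = re.fullmatch(r"PHP/(\d+(?:\.\d+)*)(?:-(\S+))?", banner)
    if not m:
        raise ValueError("unrecognised banner: %r" % banner)
    return tuple(int(p) for p in m.group(1).split(".")), m.group(2)

def banner_only_findings(banner, fixed_upstream):
    """Banner-based check: flag every CVE fixed in a later upstream release."""
    upstream, _revision = parse_banner(banner)
    return sorted(cve for cve, ver in fixed_upstream.items()
                  if upstream < tuple(int(p) for p in ver.split(".")))

def cves_in_changelog(changelog):
    """Map each CVE id to the oldest package version whose stanza names it."""
    fixed, version = {}, None
    for line in changelog.splitlines():
        head = re.match(r"\S+ \(([^)]+)\)", line)
        if head:
            version = head.group(1)
        # 'X' is accepted only so the constructed placeholder ids match.
        for cve in re.findall(r"CVE-[0-9X]{4}-\d{4,}", line):
            fixed[cve] = version  # later lines are older stanzas, so they win
    return fixed

def triage(banner, fixed_upstream, changelog):
    """Split banner findings into distro-patched (disputable) and still open."""
    patched = cves_in_changelog(changelog)
    flagged = banner_only_findings(banner, fixed_upstream)
    disputable = {c: patched[c] for c in flagged if c in patched}
    return disputable, [c for c in flagged if c not in patched]

if __name__ == "__main__":
    print(triage(BANNER, FIXED_UPSTREAM, CHANGELOG))
```

On a Debian or Ubuntu system the changelog text would normally come from the package's `changelog.Debian.gz` under `/usr/share/doc/`.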
[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1
It appears that listing this request as a Security vulnerability is incorrect; backporting 5.3.6 would not necessarily fix any security issues not already fixed via patches to 5.3.5, unless perhaps 5.3.6 already has the CVE-2011-2202 rfc1867_post_handler fix scheduled for 5.3.7. I cannot see a way for me to change this request's details to remove that flag. Perhaps someone else can.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2202
[Bug 819587] [NEW] Please backport PHP 5.3.6-13ubuntu1
*** This bug is a security vulnerability ***

Public security bug reported:

PHP 5.3.6-13ubuntu1 is listed in oneiric; 5.3.5 is latest for natty. http://www.php.net/ says that 5.3.6 fixes at least half a dozen security issues... some of which are causing automated PCI compliance testing (e-commerce) to fail Ubuntu 11.04 servers. (First-time request; apologies if I did it wrong.)

** Affects: natty-backports
Importance: Undecided
Status: New

** Visibility changed to: Public
[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1
(set public visibility because issues are well-known; already disclosed and fixed.) I will do my best to help test; just switched from FreeBSD to Ubuntu, so I'm still getting the hang of this package management scheme.
[Bug 130993] flashplugin-nonfree-9.0.31 is vulnerable CVE-2007-3456
Private bug reported:

Could you please update flashplugin-nonfree package to 9.0.48. 9.0.31 is vulnerable. See
https://bugs.launchpad.net/bugs/125986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3456

I'm running flashplugin-nonfree 9.0.48.0.0ubuntu1~7.04.1 (from feisty-updates) on dapper and it seems to work fine. Thanks

** Affects: dapper-backports (upstream)
Importance: Undecided
Status: New

--
flashplugin-nonfree-9.0.31 is vulnerable CVE-2007-3456
https://bugs.launchpad.net/bugs/130993
You received this bug notification because you are a member of Ubuntu Backporters, which is a direct subscriber.