Re: AW: Vulnerable PHP version according to nessus
On 28.12.2011 07:56, Patrick Geschke wrote: Hey, @Maintainers: Whats the overall Status of the package? According to php.net 5.3.8 is stable. 5.3.8 is in both testing and unstable - see http://packages.qa.debian.org/p/php5.html Debian stable doesn't generally get new upstream versions of packages. Regards, Adam -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/f53555ce02d37a0ad7b0ef133d97d...@mail.adsl.funky-badger.org
Re: AW: Vulnerable PHP version according to nessus
On Wed, Dec 28, 2011 at 2:54 AM, Adam D. Barratt a...@adam-barratt.org.uk wrote: On 28.12.2011 07:56, Patrick Geschke wrote: Hey, @Maintainers: Whats the overall Status of the package? According to php.net 5.3.8 is stable. 5.3.8 is in both testing and unstable - see http://packages.qa.debian.org/p/php5.html Debian stable doesn't generally get new upstream versions of packages. Regards, Adam -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/f53555ce02d37a0ad7b0ef133d97d...@mail.adsl.funky-badger.org New upstream version is used pretty loosely here. I would hardly consider a bug fix release a new version. You guys treat versions as if they're a matter of national security, because 5.3.7 vs 5.3.8 is obviously gonna have some major major API changes and some way new features. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAN5oe=0qszhag16cdbzaksctfyf43zm2+wvefystby_emxp...@mail.gmail.com
Re: AW: Vulnerable PHP version according to nessus
* Jordon Bedwell: New upstream version is used pretty loosely here. I would hardly consider a bug fix release a new version. You guys treat versions as if they're a matter of national security, because 5.3.7 vs 5.3.8 is obviously gonna have some major major API changes and some way new features. 5.3.7 to 5.3.8 perhaps not (I didn't check this), but we shipped 5.3.3 in squeeze. Upgrading to 5.3.7 and later would introduce the changed is_a behavior, among other things. We don't want to force such changes upon users, and certainly not in security updates. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87aa6c4fg3@mid.deneb.enyo.de