Re: php5: CVE-2011-1092 and CVE-2011-1148

2013-02-27 Thread Thijs Kinkhorst
On Wed, February 27, 2013 04:43, Steven Chamberlain wrote:
> Dear Security Team,
>
> In the tracker, CVE-2011-1092 and CVE-2011-1148 "in PHP before 5.3.6"
> are correctly shown as fixed in 5.3.3-7+squeeze14.  But 5.4.4-13 is
> still suggested as being vulnerable.
>
> The upstream changelog for 5.4.4
> (/usr/share/doc/php5-common/changelog.gz) indicates that the
> corresponding bugs were fixed (#54193 and #54238, according to the NVD).
>
> Here are the specific commits, made to the 5.3 branch, and also to the
> SVN trunk which became 5.4.0 alpha 1:
>
> http://svn.php.net/viewvc?view=revision&revision=309018
> http://svn.php.net/viewvc?view=revision&revision=310194
>
> Please kindly mark php5 versions >= 5.4.0 as fixed.

Thanks, confirmed and done. They were probably not tracked earlier
because we don't consider them important issues.


Cheers,
Thijs


-- 
To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/3617bee7ea763c0c405857e1e72632a3.squir...@aphrodite.kinkhorst.nl



php5: CVE-2011-1092 and CVE-2011-1148

2013-02-26 Thread Steven Chamberlain
Dear Security Team,

In the tracker, CVE-2011-1092 and CVE-2011-1148 "in PHP before 5.3.6"
are correctly shown as fixed in 5.3.3-7+squeeze14.  But 5.4.4-13 is
still suggested as being vulnerable.

The upstream changelog for 5.4.4
(/usr/share/doc/php5-common/changelog.gz) indicates that the
corresponding bugs were fixed (#54193 and #54238, according to the NVD).

Here are the specific commits, made to the 5.3 branch, and also to the
SVN trunk which became 5.4.0 alpha 1:

http://svn.php.net/viewvc?view=revision&revision=309018
http://svn.php.net/viewvc?view=revision&revision=310194

Please kindly mark php5 versions >= 5.4.0 as fixed.

Thanks,
Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org


Archive: http://lists.debian.org/512d80ef.1080...@pyro.eu.org