Bug#336645: Bug 336645: PHP 4.4.1 Security Fixes

2005-12-02 Thread David Mitchell
As a user, I wanted to throw my two cents in. Our security administrator _is_ considering this particular fix to be critical, and has made it a required patch. While it's true that this particular fix is protecting against poorly written PHP scripts, it also appears to be the case that such poo

Bug#336645: Bug 336645: PHP 4.4.1 Security Fixes

2005-12-02 Thread Christian Stadler
David Mitchell wrote:
> As a user, I wanted to throw my two cents in. Our security administrator
> _is_ considering this particular fix to be critical, and has made it a
> required patch. While it's true that this particular fix is protecting
> against

Bug#336645: Bug 336645: PHP 4.4.1 Security Fixes

2005-12-02 Thread David Mitchell
Christian Stadler wrote:
> David Mitchell wrote:
>> As a user, I wanted to throw my two cents in. Our security administrator _is_ considering this particular fix to be critical, and has made it a required patch. While it's true that this particular fix

Bug#336645: Bug 336645: PHP 4.4.1 Security Fixes

2006-01-11 Thread Nick Jenkins
According to http://lwn.net/Articles/159103/ , it's looking like Debian is the last major distro without a fix for this. Could perhaps the recent Ubuntu updates ( http://lwn.net/Alerts/165505/ ), which were for PHP 4.3.8, be of use to Sarge? All the best, Nick.

Bug#336645: Bug 336645: PHP 4.4.1 Security Fixes

2006-02-02 Thread Nick Jenkins
Hi, I'm sorry, but I have a question: Is Sarge / stable going to get an update for these problems? In particular, CVE-2005-3390 (GLOBALS array overwrite) for PHP, which I believe Sarge / stable is vulnerable to (CVE entry says it applies to "PHP 4.x up to 4.4.0"), and it is (IMO) a real-world se

Bug#336645: [php-maint] Bug#336645: Bug 336645: PHP 4.4.1 Security Fixes

2006-01-13 Thread Adam Conrad
Nick Jenkins wrote:
> According to http://lwn.net/Articles/159103/ , it's looking like
> Debian is the last major distro without a fix for this. Could perhaps
> the recent Ubuntu updates ( http://lwn.net/Alerts/165505/ ), which
> were for PHP 4.3.8, be of use to Sarge?

Yes, I'm preparing updates f