[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1

2021-11-16 Thread Dan Streetman
** Changed in: natty-backports Status: Incomplete => Won't Fix -- You received this bug notification because you are a member of Ubuntu Backporters, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/819587 Title: Please backport PHP 5.3.6-13ubuntu1 To manage notifi

[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1

2011-08-02 Thread Micah Gersten
That CVE is being tracked in Bug #813115. I'll leave this open as Incomplete for the moment. ** This bug is no longer flagged as a security vulnerability ** CVE removed: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2202

[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1

2011-08-02 Thread David H. Brown
It appears that listing this request as a "Security vulnerability" is incorrect; backporting 5.3.6 would not necessarily fix any security issues not already fixed via patches to 5.3.5, unless perhaps 5.3.6 already has the CVE-2011-2202 rfc1867_post_handler fix scheduled for 5.3.7. I cannot see a wa

[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1

2011-08-02 Thread David H. Brown
Thanks for the additional info, Micah. Looking at that log, it's clear that the security updates/patches already available do handle the *actual* security issues that PHP 5.3.6 addresses. What it doesn't do is change the server's response header; the automated PCI compliance test simply parses "PH

[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1

2011-08-02 Thread Micah Gersten
Thank you for requesting this backport. Ubuntu backports are generally requested to pull new features into stable releases. php5 will receive security updates from the Ubuntu security team when appropriate to fix open vulnerabilities. In fact, 11.04 has already received one such update: htt

[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1

2011-08-01 Thread David H. Brown
(set public visibility because issues are well-known; already disclosed and fixed.) I will do my best to help test; just switched from FreeBSD to Ubuntu, so I'm still getting the hang of this package management scheme.