[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: PHP vulnerabilities?

From: Pekka Savola <pekkas netcore fi>
To: Discussion of the Fedora Legacy Project <fedora-legacy-list redhat com>
Subject: Re: PHP vulnerabilities?
Date: Sat, 18 Dec 2004 07:31:25 +0200 (EET)

On Fri, 17 Dec 2004, Marc Deslauriers wrote:

On Fri, 2004-12-17 at 20:41 -0500, Jim Popovitch wrote:
Given the considerable amount of changes in PHP since v4.1.2 (current FL
release), what is the possibility about just releasing a v4.3.10 rpm?
I would say it's highly unlikely we'll update to 4.3.10.

Agree. Update to 4.3.10 would incur *way* too radical change, and we don't want to go there.

We'll probably
wait to see what is done to RHEL 2.1 and other distros. 4.1.2 may not
even be vulnerable to most of the issues...

That is the easiest way. Has anyone actually looked, btw, how well the security patch against 4.3.9 (e.g., from OpenPKG) applies to 4.1.2 (RHL73) or php 4.2 (RHL9) ?

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

Follow-Ups:
- Re: PHP vulnerabilities?
  - From: Marc Deslauriers
- Re: PHP vulnerabilities?
  - From: Michal Jaegermann

References:
- PHP vulnerabilities?
  - From: Jim Popovitch
- Re: PHP vulnerabilities?
  - From: Rob Myers
- Re: PHP vulnerabilities?
  - From: Jim Popovitch
- Re: PHP vulnerabilities?
  - From: Marc Deslauriers

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]