vulnerable php-5.0.5-2.1 in fedora-updates-testing
Jesse Keating
jkeating at j2solutions.net
Fri Jan 6 06:35:34 UTC 2006
On Fri, 2006-01-06 at 13:53 +0900, Kazutoshi Morioka wrote:
> php-5.0.5-2.1 package in testing-repo remains vulnerable.
> It seems that php-5.0.5-2.1 dosen't contain fixes for
> CVE-2005-3388, CVE-2005-3390, CVE-2005-3389, CVE-2005-3353.
> And 5.0.5-2.1 is greater than 5.0.4-10.5 in fedora-updates-released.
> It would be updated to vulnerable php-5.0.5-2.1 if testing were enabled.
> The PHP group recomends updating to 5.1.1 for 5.0.x users.
> So, we can't expect no farther 5.0.x releases.
> I think php-5.0.5-2.1 should be removed from repository.
This will of course be fixed in the final release, but please be aware
that testing or beta/alpha software in rawhide should _not_ be used for
production systems.
--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20060105/2eb86b48/attachment.sig>
More information about the fedora-test-list
mailing list