9 Oct
2012
9 Oct
'12
1:49 a.m.
On 09/10/12 12:01, Andrew Worsley wrote:
Debian security tracker reports this is fixed in squeeze(5.3.3-7) but *NOT* in wheezy (5.4.4-7)- see
My next question is where that page is getting its information from, too, because it doesn't look correct to me. I can't find any information anywhere that says CVE-2011-1148 applies to php 5.4. It was fixed in 5.3.7 in August 2011, and version 5.4.4 (the version in wheezy) came out in June 2012. Unless Debian has backported a patch that reintroduced the vulnerability, I am sceptical about it being vulnerable. Cheers, Paul -- Paul Dwerryhouse | PGP Key ID: 0x6B91B584 http://weblog.leapster.org/