Hi Jorge, > The tool say me that php5.3.3.7 is vulnerable. I guess it's a false positive. I took two CVEs out of your list, and checked the debian security tracker. Both CVEs didn't affected Debian. See [1] and [2] for details. Greetings, Georg [1] http://security-tracker.debian.org/tracker/CVE-2011-3267 [2] http://security-tracker.debian.org/tracker/CVE-2011-3268