PHP Update .. details
It's looking like there won't be an update to PHP for Woody, because
the majority of the PHP issues aren't relevant.
Initially a few CVE numbers were assigned and then later withdrawn
when it became clear that the issues could only be exploited by a
user who wrote a malicious PHP script - not a remote issue, or too
serious. (Given that if you had the ability to write evil PHP code
you could just run 'system('rm ..');'.)
So .. there are two CVE IDs that are left:
CAN-2004-1019
- http://www.hardened-php.net/advisories/012004.txt
- Woody not vulnerable.
CAN-2004-1065
- http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
- Woody not vulnerable.
All other CVE IDs were withdrawn, such as:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1018
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1064
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1063
For all those people offering to help by investigating the problems
or looking at patches - thanks.
For all those people merely complaining that a new update wasn't
immediately available .. your patience is appreciated.
(And for anybody still confused about the worm going around,
that's something only affecting PHPBB - updated PHP wouldn't help that
at all anyway).
Steve
--
www.debian-administration.org