Re: php vulnerability

To: Rainer Dorsch <rainer.dorsch@informatik.uni-stuttgart.de>
Cc: debian-devel@lists.debian.org
Subject: Re: php vulnerability
From: Martin Schulze <joey@infodrom.org>
Date: Fri, 1 Mar 2002 19:03:36 +0100
Message-id: <[🔎] 20020301180336.GX13234@finlandia.infodrom.north.de>
In-reply-to: <[🔎] E16goXt-00057I-00@rai21.informatik.uni-stuttgart.de>
References: <[🔎] E16goXt-00057I-00@rai21.informatik.uni-stuttgart.de>

Rainer Dorsch wrote:
> Hello,
> 
> I just got an email from our central computing center, that our web servers 
> run a version of apache/php which is vulnerable. Usually Debian is very good 
> on security issues and I thought Debian might have patched our system and the 
> computer center has only scanned the software version. But I did not see any 
> security update on php in Debian.

Sorry, not enough time.  We worked on the issue since it was known.

> I checked lwn.net and found that redhat, suse, and mandrake have made 
> available security patches. I am wondering, if Debian is not vulnerable, if 
> the patch is very closed to be release, or if we have to enable the described 
> work arounds.

We are vulnerable.  Please stay calm (hope you can) and expect new packages
soon.

Regards,

	Joey

-- 
All language designers are arrogant.  Goes with the territory...
	-- Larry Wall

Please always Cc to me when replying to me on the lists.

Reply to:

Follow-Ups:
- Re: php vulnerability
  - From: Rainer Dorsch <rainer.dorsch@informatik.uni-stuttgart.de>

References:
- php vulnerability
  - From: Rainer Dorsch <rainer.dorsch@informatik.uni-stuttgart.de>

Prev by Date: Re: Question about NMU [was Re: Request for NMUs]
Next by Date: Re: /var/games/package must be 770
Previous by thread: php vulnerability
Next by thread: Re: php vulnerability
Index(es):
- Date
- Thread