Re: php vulnerability
Rainer Dorsch wrote:
> Hello,
>
> I just got an email from our central computing center, that our web servers
> run a version of apache/php which is vulnerable. Usually Debian is very good
> on security issues and I thought Debian might have patched our system and the
> computer center has only scanned the software version. But I did not see any
> security update on php in Debian.
Sorry, not enough time. We worked on the issue since it was known.
> I checked lwn.net and found that redhat, suse, and mandrake have made
> available security patches. I am wondering, if Debian is not vulnerable, if
> the patch is very closed to be release, or if we have to enable the described
> work arounds.
We are vulnerable. Please stay calm (hope you can) and expect new packages
soon.
Regards,
Joey
--
All language designers are arrogant. Goes with the territory...
-- Larry Wall
Please always Cc to me when replying to me on the lists.
Reply to: