Re: Debian PHP upgrade

To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: Gareth Webb <gwebb@Acceleration.biz>, Ondřej Surý <ondrej@sury.org>, Salvatore Bonaccorso <carnil@debian.org>, "debian-devel@lists.debian.org" <debian-devel@lists.debian.org>
Subject: Re: Debian PHP upgrade
From: Andile Ntebe <ANtebe@Acceleration.biz>
Date: Wed, 25 Mar 2015 13:37:06 +0000
Message-id: <[🔎] 26CB39B0-70E1-487F-988C-07AF6B0A384E@acceleration.biz>
In-reply-to: <[🔎] 2095e7c6881ef0fac1aa48cb396f4ba0@mowgli.jungle.funky-badger.org>
References: <[🔎] AM3PR06MB1187A1054F30FFBCE18041DED20D0@AM3PR06MB1187.eurprd06.prod.outlook.com> <[🔎] 20150323075942.GA29714@lorien.valinor.li> <[🔎] 1427211878.4170159.244603634.39FB1A34@webmail.messagingengine.com> <[🔎] AM3PR06MB1187B5494B1196C3C4126C3DD20B0@AM3PR06MB1187.eurprd06.prod.outlook.com> <[🔎] b6c9b41536487ba6807a2a9949f3e66d@mowgli.jungle.funky-badger.org> <[🔎] 77F52449-5915-41CD-88C2-B52A79BE96AC@acceleration.biz> <[🔎] 2095e7c6881ef0fac1aa48cb396f4ba0@mowgli.jungle.funky-badger.org>

Hi

Im not sure why Gareth said PHP, I’m referring to Apache 2.2.22.

The below vulnerabilities seem to affect this version:

CVE-2014-0231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231>

CVE-2013-5704 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5704>




CVE-2014-0118 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118>

CVE-2014-0226 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226>

CVE-2014-0098 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0098>

CVE-2013-6438 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6438>

CVE-2013-1862 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862>

CVE-2013-1896 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896>

CVE-2012-3499 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499>

CVE-2012-4558 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558>

CVE-2012-2687 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687>

CVE-2012-0883 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883>


Is there a way for us to update to the latest version?

Regards

On 2015/03/25, 1:48 PM, "Adam D. Barratt" <adam@adam-barratt.org.uk> wrote:

>On 2015-03-25 11:22, Andile Ntebe wrote:
>> We have Apache/2.2.22 on our Debian boxes.
>>
>> Ive tried using apt-get update and apt-get upgrade to try and get us
>> onto the latest version but with no success. Is there any other way
>> that we could get Apache updated?
>
>I have to admit I'm confused at this point.
>
>Gareth started by asking about a PHP vulnerability and you are now
>discussing an upgrade to Apache. Please could you confirm exactly which
>vulnerability in which package you believe isn't fixed in which Debian
>package, so that someone can help determine the status?
>
>Regards,
>
>Adam
>

Reply to:

Follow-Ups:
- Re: Debian PHP upgrade
  - From: Paul Wise <pabs@debian.org>
- Re: Debian PHP upgrade
  - From: Andrew Shadura <andrew@shadura.me>
- Re: Debian PHP upgrade
  - From: Frederic Peters <fpeters@debian.org>
- Re: Debian PHP upgrade
  - From: Paul Wise <pabs@debian.org>
- Re: Debian PHP upgrade
  - From: Philip Hands <phil@hands.com>
- Re: Debian PHP upgrade
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- Debian PHP upgrade
  - From: Gareth Webb <gwebb@Acceleration.biz>
- Re: Debian PHP upgrade
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Re: Debian PHP upgrade
  - From: Ondřej Surý <ondrej@sury.org>
- RE: Debian PHP upgrade
  - From: Gareth Webb <gwebb@Acceleration.biz>
- RE: Debian PHP upgrade
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: Debian PHP upgrade
  - From: Andile Ntebe <ANtebe@Acceleration.biz>
- Re: Debian PHP upgrade
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Moving a conffile between packages
Next by Date: Re: Debian PHP upgrade
Previous by thread: Re: Debian PHP upgrade
Next by thread: Re: Debian PHP upgrade
Index(es):
- Date
- Thread