Re: Debian PHP upgrade

To: Andile Ntebe <ANtebe@Acceleration.biz>
Cc: debian-devel@lists.debian.org
Subject: Re: Debian PHP upgrade
From: Frederic Peters <fpeters@debian.org>
Date: Wed, 25 Mar 2015 15:09:20 +0100
Message-id: <[🔎] 20150325140920.GA3796@0d.be>
In-reply-to: <[🔎] 26CB39B0-70E1-487F-988C-07AF6B0A384E@acceleration.biz>
References: <[🔎] AM3PR06MB1187A1054F30FFBCE18041DED20D0@AM3PR06MB1187.eurprd06.prod.outlook.com> <[🔎] 20150323075942.GA29714@lorien.valinor.li> <[🔎] 1427211878.4170159.244603634.39FB1A34@webmail.messagingengine.com> <[🔎] AM3PR06MB1187B5494B1196C3C4126C3DD20B0@AM3PR06MB1187.eurprd06.prod.outlook.com> <[🔎] b6c9b41536487ba6807a2a9949f3e66d@mowgli.jungle.funky-badger.org> <[🔎] 77F52449-5915-41CD-88C2-B52A79BE96AC@acceleration.biz> <[🔎] 2095e7c6881ef0fac1aa48cb396f4ba0@mowgli.jungle.funky-badger.org> <[🔎] 26CB39B0-70E1-487F-988C-07AF6B0A384E@acceleration.biz>

Hi Andile,


> Im not sure why Gareth said PHP, I’m referring to Apache 2.2.22.
> 
> The below vulnerabilities seem to affect this version:
> 
> CVE-2014-0231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231>
> ...

As Paul noted earlier, you can use https://security-tracker.debian.org/
to look for particular CVE; for exemple you'll get this one at:

  https://security-tracker.debian.org/tracker/CVE-2014-0231

And you will note it's been fixed.


The Debian security policy is to get the fix in the existing versions,
to minimise changes and reduce the risks of unexpected changes; that
is why you will see older version numbers in Debian.  That doesn't
mean the security issues are not fixed.

You can read more about this point, and other aspects of security in
Debian, in the security FAQ:

  http://www.debian.org/security/faq.en.html#oldversion


Regards,

        Fred

Reply to:

References:
- Debian PHP upgrade
  - From: Gareth Webb <gwebb@Acceleration.biz>
- Re: Debian PHP upgrade
  - From: Salvatore Bonaccorso <carnil@debian.org>
- Re: Debian PHP upgrade
  - From: Ondřej Surý <ondrej@sury.org>
- RE: Debian PHP upgrade
  - From: Gareth Webb <gwebb@Acceleration.biz>
- RE: Debian PHP upgrade
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: Debian PHP upgrade
  - From: Andile Ntebe <ANtebe@Acceleration.biz>
- Re: Debian PHP upgrade
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Re: Debian PHP upgrade
  - From: Andile Ntebe <ANtebe@Acceleration.biz>

Prev by Date: Re: Debian PHP upgrade
Next by Date: Re: Debian PHP upgrade
Previous by thread: Re: Debian PHP upgrade
Next by thread: Re: Debian PHP upgrade
Index(es):
- Date
- Thread