
Bug#1069191: glibc: GLIBC-SA-2024-0004/CVE-2024-2961: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence



On Mon, 22 Apr 2024 09:31:39 +0200 Charlemagne Lasse <charlemagnelasse@gmail.com> wrote:
> Hi,
> 
> Can this be backported to older Debian versions via the security repo?
> This bug can be used to execute code when using the PHP engine:
>
> * https://www.offensivecon.org/speakers/2024/charles-fol.html
> * https://www.openwall.com/lists/oss-security/2024/04/18/4
>

Indeed.. I know that buster is old-old stable, but starting to get nervous that it
doesn't contain the fix that Bullseye and Bookworm have. Especially as we approach
the date of a security conference that will talk about this issue.

Is anyone on the LTS team working on it for Buster? That might also help trickle
down to ELTS for Stretch/Jessie?
