
Re: PHP 4.1.2



On 22. Dec 2004, at 23:12, Jason Lim wrote:
> Little bugfixes and even local exploits... okay... I can understand there
> is less urgency. But for REMOTELY exploitable vulnerabilities, I think
> there is a much greater urgency and importance.

For serious PHP deployment you would consider an actual version, not the
one you could find in stable.

> I wish we could get an update if they are even _WORKING_ on a PHP update,
> or if they have just thrown in the towel and said "we're not going to
> patch this". If that's the case, we'll upgrade, but not otherwise.

By the way, Debian relies on the work of volunteers. You are free to backport
the patches to PHP 4.1.x if you find the time. I see the problems of the
developers. Security problems are not properly announced, fixes are messed
into other patches. By the way, I bet there are a lot more flaws in this plain
old version which got fixed on the long way to 4.3.

In my opinion it is not worth backporting PHP 4.3 to stable as sarge *should*
be released as soon as security team support is available.

Regards,
Philipp Kern


