[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php5: many of the "open unimportant issues" would seem to be fixed?

On Tue, Apr 24, 2012 at 6:07 AM, Chris Butler wrote:
>> What is this exactly based on? Cause the CVE id description is unfortunately
>> not very reliable.
>
> Ah, I wasn't aware of that, thanks for the heads-up. It was mostly based on
> looking at the description, although a couple of the ones I picked at random
> were also listed as fixed in the PHP changelog pre-5.3.3..
>
> It was just a quick scan of the list at the time, as I didn't have time to
> go into detail. I started having a closer look through the list last night,
> and will let the list know once I've got some more useful/accurate data...

If you want to help, you can check against reference information like
patches that you can find by researching links available on the
security tracker (http://security-tracker.debian.org).

Also, once you've done the research, all DDs should be able to commit
information directly to the security tracker repo now:
http://anonscm.debian.org/viewvc/secure-testing/

Best wishes,
Mike
Reply to: