Re: php5: CVE-2011-1092 and CVE-2011-1148

To: "Steven Chamberlain" <steven@pyro.eu.org>
Cc: debian-security-tracker@lists.debian.org, pkg-php-maint@lists.alioth.debian.org
Subject: Re: php5: CVE-2011-1092 and CVE-2011-1148
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Wed, 27 Feb 2013 09:18:07 +0100
Message-id: <[🔎] 3617bee7ea763c0c405857e1e72632a3.squirrel@aphrodite.kinkhorst.nl>
In-reply-to: <[🔎] 512D80EF.1080602@pyro.eu.org>
References: <[🔎] 512D80EF.1080602@pyro.eu.org>

On Wed, February 27, 2013 04:43, Steven Chamberlain wrote:
> Dear Security Team,
>
> In the tracker, CVE-2011-1092 and CVE-2011-1148 "in PHP before 5.3.6"
> are correctly shown as fixed in 5.3.3-7+squeeze14.  But 5.4.4-13 is
> still suggested as being vulnerable.
>
> The upstream changelog for 5.4.4
> (/usr/share/doc/php5-common/changelog.gz) indicates that the
> corresponding bugs were fixed (#54193 and #54238, according to the NVD).
>
> Here are the specific commits, made to the 5.3 branch, and also to the
> SVN trunk which became 5.4.0 alpha 1:
>
> http://svn.php.net/viewvc?view=revision&revision=309018
> http://svn.php.net/viewvc?view=revision&revision=310194
>
> Please kindly mark php5 versions >= 5.4.0 as fixed.

Thanks, confirmed and done. They we're probably not tracked earlier
because we don't consider them important issues.


Cheers,
Thijs

Reply to:

References:
- php5: CVE-2011-1092 and CVE-2011-1148
  - From: Steven Chamberlain <steven@pyro.eu.org>

Prev by Date: php5: CVE-2011-1092 and CVE-2011-1148
Next by Date: External check
Previous by thread: php5: CVE-2011-1092 and CVE-2011-1148
Index(es):
- Date
- Thread