Correction to CVE-2015-3330 information

To: debian-security-tracker@lists.debian.org
Subject: Correction to CVE-2015-3330 information
From: Will Aoki <waoki@umnh.utah.edu>
Date: Mon, 1 Jun 2015 14:31:15 -0600
Message-id: <[🔎] 20150601203115.GQ23238@umnh.utah.edu>

https://security-tracker.debian.org/tracker/CVE-2015-3330 shows
everything but squeeze-lts as vulnerable. There are two corrections I
suggest:

- As I understand it, wheezy isn't affected unless someone has upgraded
  Apache to 2.4.

- This problem was fixed in 5.6.7+dfsg-1, the version currently in
  jessie. The changelog only mentions PHP bugs #68486 and #69218 because
  a CVE number hadn't been issued yet.

-- 
William Aoki     KD7YAF    waoki@umnh.utah.edu    5-1924

Reply to:

Follow-Ups:
- Re: Correction to CVE-2015-3330 information
  - From: Salvatore Bonaccorso <carnil@debian.org>

Next by Date: Re: Correction to CVE-2015-3330 information
Next by thread: Re: Correction to CVE-2015-3330 information
Index(es):
- Date
- Thread