Re: Correction to CVE-2015-3330 information

To: Will Aoki <waoki@umnh.utah.edu>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: Correction to CVE-2015-3330 information
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 1 Jun 2015 23:04:47 +0200
Message-id: <[🔎] 20150601210447.GA27055@eldamar.local>
Mail-followup-to: Will Aoki <waoki@umnh.utah.edu>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] 20150601203115.GQ23238@umnh.utah.edu>
References: <[🔎] 20150601203115.GQ23238@umnh.utah.edu>

Hi Will,

On Mon, Jun 01, 2015 at 02:31:15PM -0600, Will Aoki wrote:
> https://security-tracker.debian.org/tracker/CVE-2015-3330 shows
> everything but squeeze-lts as vulnerable. There are two corrections I
> suggest:
> 
> - As I understand it, wheezy isn't affected unless someone has upgraded
>   Apache to 2.4.
> 
> - This problem was fixed in 5.6.7+dfsg-1, the version currently in
>   jessie. The changelog only mentions PHP bugs #68486 and #69218 because
>   a CVE number hadn't been issued yet.

Thanks for your update. I have marked the fixed version. I have though
not changed the information for wheezy due to the source beeing
affected.

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: Correction to CVE-2015-3330 information
  - From: Salvatore Bonaccorso <carnil@debian.org>

References:
- Correction to CVE-2015-3330 information
  - From: Will Aoki <waoki@umnh.utah.edu>

Prev by Date: Correction to CVE-2015-3330 information
Next by Date: Re: Correction to CVE-2015-3330 information
Previous by thread: Correction to CVE-2015-3330 information
Next by thread: Re: Correction to CVE-2015-3330 information
Index(es):
- Date
- Thread