Re: Correction to CVE-2015-3330 information
Hi Will,
On Mon, Jun 01, 2015 at 02:31:15PM -0600, Will Aoki wrote:
> https://security-tracker.debian.org/tracker/CVE-2015-3330 shows
> everything but squeeze-lts as vulnerable. There are two corrections I
> suggest:
>
> - As I understand it, wheezy isn't affected unless someone has upgraded
> Apache to 2.4.
>
> - This problem was fixed in 5.6.7+dfsg-1, the version currently in
> jessie. The changelog only mentions PHP bugs #68486 and #69218 because
> a CVE number hadn't been issued yet.
Thanks for your update. I have marked the fixed version. I have though
not changed the information for wheezy due to the source beeing
affected.
Regards,
Salvatore
Reply to: