[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload

On Thu, Feb 28, 2002 at 01:25:25PM +0200, Dmitry Borodaenko wrote:
> Does apt from potato (0.3.19) support Pinning? I don't think so. Thus,
> you will need to upgrade your apt manually first.
> 
> On Thu, Feb 28, 2002 at 10:37:00AM +0100, Lupe Christoph wrote:
> > If you want to run more up to date packages, you have to
> > get them from the "testing", aka Woody release, or even from
> > "unstable", aka Sid.

None of which solves the problem of "How do I secure my
servers?". Installing unstable packages is in no sense a solution, for
people doing serious security setups.

The normal solution in debian is to backport a fix to stable. I see
php.org has a patch for php 4.0.6, this can probably be backported to
4.0.3/4.0.5 fairly easily.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ | Dept. of Computing,
 `. `'                          | Imperial College,
   `-             -><-          | London, UK
Reply to: