[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

PHP Update .. details

  It's looking like there won't be an update to PHP for Woody, because
 the majority of the PHP issues aren't relevent.

  Initially a few CVE numbers were assigned and then later withdrawn
 when it became clear that the issues could only be exploited by a 
 user who wrote a malicious PHP script - not a remote issue, or too
 serious.  (Given that if you had the ability to write evil PHP code
 you cold just run 'system('rm ..');'.

  So .. there are two CVE IDs that are left:

   - http://www.hardened-php.net/advisories/012004.txt
   - Woody not vulnerable.

   - http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html
   - Woody not vulnerable.

  All other CVE ID's were withdrawn, such as :


  For all those people offering to help by investigating the problems
 or looking at patches - thanks.

  For all those people merely complaining that a new update wasn't
 immediately available .. your patience is appreciated.

  (And for anybody still confused about the worm going around,
 that's something only affecting PHPBB - updated PHP wouldn't help that
 at all anyway).


Reply to: