Re: PCI vulnerability scan - PHP4 on Sarge

To: William Chipman <wchipman@jsatech.com>
Cc: debian-security@lists.debian.org
Subject: Re: PCI vulnerability scan - PHP4 on Sarge
From: Florian Weimer <fw@deneb.enyo.de>
Date: Tue, 18 Dec 2007 12:09:38 +0100
Message-id: <[🔎] 87ve6wi7il.fsf@mid.deneb.enyo.de>
In-reply-to: <[🔎] 47669D20.2030407@jsatech.com> (William Chipman's message of "Mon, 17 Dec 2007 10:00:32 -0600")
References: <[🔎] 47669D20.2030407@jsatech.com>

* William Chipman:

> We had a scan of our systems for PCI compliance and received warnings
> about PHP 4.4.3-10-22.
> I checked the archives and found that the following CVE reports were
> not covered by the comments
> leading up to 4.4.3-10-22:

> 2005-2491

Do you mean CVE-2005-2491?  This should have been fixed by a PCRE
upgrade.

What's your audit methodology?

Reply to:

Follow-Ups:
- Re: PCI vulnerability scan - PHP4 on Sarge
  - From: William Chipman <wchipman@jsatech.com>

References:
- PCI vulnerability scan - PHP4 on Sarge
  - From: William Chipman <wchipman@jsatech.com>

Prev by Date: Re: Squirrelmail archive compromission and version 1.4.9a-2 (in etch)
Next by Date: Re: PCI vulnerability scan - PHP4 on Sarge
Previous by thread: PCI vulnerability scan - PHP4 on Sarge
Next by thread: Re: PCI vulnerability scan - PHP4 on Sarge
Index(es):
- Date
- Thread