[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PCI vulnerability scan - PHP4 on Sarge

The pcre patches mention fixes to the library and to python2.1, 2.2 and 2.3, but not php4.

Florian Weimer wrote:
* William Chipman:

We had a scan of our systems for PCI compliance and received warnings
about PHP 4.4.3-10-22.
I checked the archives and found that the following CVE reports were
not covered by the comments
leading up to 4.4.3-10-22:


Do you mean CVE-2005-2491?  This should have been fixed by a PCRE

What's your audit methodology?

William D. Chipman
Infrastructure Manager
JSA Technologies, Inc.
201 Main Street, Suite 1320
Fort Worth, Tx. 76102


Reply to: