Re: PCI vulnerability scan - PHP4 on Sarge

To: Florian Weimer <fw@deneb.enyo.de>
Cc: debian-security@lists.debian.org
Subject: Re: PCI vulnerability scan - PHP4 on Sarge
From: William Chipman <wchipman@jsatech.com>
Date: Tue, 18 Dec 2007 06:14:26 -0600
Message-id: <[🔎] 4767B9A2.1020800@jsatech.com>
In-reply-to: <[🔎] 87ve6wi7il.fsf@mid.deneb.enyo.de>
References: <[🔎] 47669D20.2030407@jsatech.com> <[🔎] 87ve6wi7il.fsf@mid.deneb.enyo.de>

The pcre patches mention fixes to the library and to python2.1, 2.2 and2.3, but not php4.

   bc

Florian Weimer wrote:

* William Chipman:

We had a scan of our systems for PCI compliance and received warnings
about PHP 4.4.3-10-22.
I checked the archives and found that the following CVE reports were
not covered by the comments
leading up to 4.4.3-10-22:

2005-2491


Do you mean CVE-2005-2491?  This should have been fixed by a PCRE
upgrade.

What's your audit methodology?


--
William D. Chipman
Infrastructure Manager
JSA Technologies, Inc.
201 Main Street, Suite 1320
Fort Worth, Tx. 76102

817-810-2204

Reply to:

Follow-Ups:
- Re: PCI vulnerability scan - PHP4 on Sarge
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- PCI vulnerability scan - PHP4 on Sarge
  - From: William Chipman <wchipman@jsatech.com>
- Re: PCI vulnerability scan - PHP4 on Sarge
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: PCI vulnerability scan - PHP4 on Sarge
Next by Date: Re: PCI vulnerability scan - PHP4 on Sarge
Previous by thread: Re: PCI vulnerability scan - PHP4 on Sarge
Next by thread: Re: PCI vulnerability scan - PHP4 on Sarge
Index(es):
- Date
- Thread