Re: Vulnerable PHP version according to nessus

To: debian-security@lists.debian.org
Subject: Re: Vulnerable PHP version according to nessus
From: Moritz Mühlenhoff <jmm@debian.org>
Date: Wed, 28 Dec 2011 11:01:27 +0100
Message-id: <[🔎] slrnjflq7n.3ki.jmm@inutil.org>
References: <[🔎] BLU158-W3718F107C250F651101134E5AC0@phx.gbl>

Dave Henley <dhenley1@live.com> schrieb:
> --_08b89ad2-8af0-454c-bd3d-7274adf10707_
> Content-Type: text/plain; charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
>
>
> I recently installed a Debian Squeeze system along with apache2 and PHP5.
> The system is fully up-to-date and the following php packages are installed=

Nearly all Nessus checks are junk; they only check version
numbers, but not whether a vulnerability has actually been fixed.

Since we address security vulnerabilities with backports this
leads to numerous false positives.

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Vulnerable PHP version according to nessus
  - From: Jonas Andradas <j.andradas@gmail.com>

References:
- Vulnerable PHP version according to nessus
  - From: Dave Henley <dhenley1@live.com>

Prev by Date: Re: AW: Vulnerable PHP version according to nessus
Next by Date: Re: Vulnerable PHP version according to nessus
Previous by thread: Re: Vulnerable PHP version according to nessus
Next by thread: Re: Vulnerable PHP version according to nessus
Index(es):
- Date
- Thread