Re: [SECURITY] [DSA 3358-1] php5 security update
Wolfgang Karall <email@example.com> schrieb:
> Content-Type: text/plain; charset=iso-8859-1
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
> Hello Moritz,
> On 15-09-15 13:58:52, Moritz M=FChlenhoff wrote:
>> The upstream security support time frame isn't identical to the support
>> time frame in Debian, e.g. PHP 5.3 from squeeze also continues to
>> be security-supported.
> I was under the impression that PHP security support at some point
> switched to following the upstream versions, but I'm happy to see
> backported security fixes for Debian 5.4 in wheezy.
Correct, as long as PHP ships their point releases, we're now
releasing these through security.debian.org, but once that ends
we can still backport fixes on our own.
So, wheezy will stick with 5.4.