Re: [SECURITY] [DSA 3358-1] php5 security update

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 3358-1] php5 security update
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Tue, 15 Sep 2015 21:25:07 +0200
Message-id: <[🔎] slrnmvgs4j.4kk.jmm@inutil.org>
References: <E1Zb8jA-0007aP-FT@master.debian.org> <[🔎] 20150914151256.GE13984@lenny.fqdn.at> <[🔎] slrnmvg1vs.t7a.jmm@inutil.org> <[🔎] 20150915182512.GC20123@lenny.fqdn.at>

Wolfgang Karall <lists+debian-security@karall-edv.at> schrieb:
>
> --rQ2U398070+RC21q
> Content-Type: text/plain; charset=iso-8859-1
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> Hello Moritz,
>
> On 15-09-15 13:58:52, Moritz M=FChlenhoff wrote:
>> The upstream security support time frame isn't identical to the support
>> time frame in Debian, e.g. PHP 5.3 from squeeze also continues to
>> be security-supported.
>
> I was under the impression that PHP security support at some point
> switched to following the upstream versions, but I'm happy to see
> backported security fixes for Debian 5.4 in wheezy.

Correct, as long as PHP ships their point releases, we're now
releasing these through security.debian.org, but once that ends
we can still backport fixes on our own.

So, wheezy will stick with 5.4.

Cheers,
        Moritz

Reply to:

References:
- Re: [SECURITY] [DSA 3358-1] php5 security update
  - From: Wolfgang Karall-Ahlborn <lists+debian-security@karall-edv.at>
- Re: [SECURITY] [DSA 3358-1] php5 security update
  - From: Moritz Mühlenhoff <jmm@inutil.org>
- Re: [SECURITY] [DSA 3358-1] php5 security update
  - From: Wolfgang Karall <lists+debian-security@karall-edv.at>

Prev by Date: Re: [SECURITY] [DSA 3358-1] php5 security update
Next by Date: Re: [SECURITY] [DSA 3359-1] virtualbox security update
Previous by thread: Re: [SECURITY] [DSA 3358-1] php5 security update
Next by thread: Re: [SECURITY] [DSA 3359-1] virtualbox security update
Index(es):
- Date
- Thread