On Wed, Mar 17, 2004 at 10:43:41AM -0600, you [Chris Spencer] wrote:
> On Wed, 2004-03-17 at 01:31, Ville Herva wrote:
> > - Would anyone happen to know if php-4.1.2-7.x.6 is vulnerable to the
> > Bugtraq ID : 7187,7197,7198,7199,7210 issue?
>
> Probably vulnerable. RH7 has been unsupported for some time now.

--8<-----------------------------------------------------------------------
Date: Fri, 12 Dec 2003 10:38:06 +0000 (GMT)
From: Mark J Cox <mjc@xxxxxxxxxx>
Subject: End of Life for Red Hat Linux 7.1, 7.2, 7.3, 8.0
To: redhat-watch-list@xxxxxxxxxx

(...)
Red Hat Linux 7.1, 7.2, 7.3, and 8.0 distributions will reach their
end-of-life for errata maintenance on the 31st December 2003.
                                          ~~~~~~~~~~~~~~~~~~
--8<-----------------------------------------------------------------------

Some time, yes. But the vulnerability was discovered in March 2003 - yet no
PHP updates were released for RH7.x since late 2002.

> Your research seems good enough to convince me.

But I found nothing explicit to suggest php-4.1.2-7.x.6 is vulnerable...

> > - Has anyone had success in compiling php-4.3.4 rpm for Red Hat 7.x?
>
> I haven't but this probably isn't an issue really.

Are you implying that it should be easy? I mean easier than trying to
backport the fixes to php-4.1.2-7.x.6?

> Your scripts will almost certainly have issues. I don't know if apache
> will need a recompile but I doubt it.

I hope not. I just wasn't even sure the latest PHP supports Apache 1.3.x,
but apparently it does.

> Recompiling the php modules will be needed, I imagine.

Ugh, that, too. Well, I'm still stumbling with the PHP-4.3.4 compilation.
Perhaps I'll just have to wrap up my sleeves and do it.

> Hope that's helpful.

Yes, thanks.

> I'd suggest if you are going to upgrade just grabbing source RPMs from a
> current distro and trying to recompile them. (May or may not work, but
> seems more likely to).

I did (before I posted the question); I took the Red Hat 8 and Red Hat 9
errata .src.rpm's but both of them are for apache-2 only. The Red Hat 9
.spec is even incompatible with the RH7.x rpm build system (or at least it
gives an error.) On top of that, they require a huge pile of devel
libraries -- moreover, recent versions of them, which would mean I have to
upgrade things like openldap, cyrus-sasl, and install freetype and gd...

Surely, with heavy massaging the .spec could be made to work (by disabling
configuration options (although even with --without-freetype it still barfs
on lack of -lttf)), but I was trying to imply I didn't find it easy. Hence I
asked if someone had done it already and could perhaps provide some tips.

-- v --

v@xxxxxx

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list