On Tue, Dec 21, 2004 at 05:43:49PM +0200, Peter Peltonen wrote: > Jim Popovitch wrote: > > Does anyone know to what extent, if any, the recently announced PHP > > vulnerabilities affect FL? > > > > My understanding is that this is something that should probably > > necessitate a release from us. > > > > http://www.hardened-php.net/advisories/012004.txt > > RH's own updates are in Q&A for RHEL: > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141132 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=141132#c10 quotes http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=248046 where it is stated that these vulnerabilities are already exploited in the wild. > SRPM for the RHEL *test* update can be found here: > > http://wftp.tu-chemnitz.de/pub/linux/tao/tao-1.0-i386/testing/SRPMS/ This is again 4.3 series only. More precisely php-4.3.2-19.ent.src.rpm. Sigh! Michal -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
