On Thu, 2005-04-21 at 12:17 -0400, R P Herrold wrote:
> On Thu, 21 Apr 2005, Simon Garner wrote:
>
> > On the subject of PHP, what's the story with the recent PHP security issues:
> > http://www.computerworld.com.au/index.php/id;97355834;fp;16;fpid;0
> >
> > PHP released an update on 31 March to resolve these problems apparently but
> > there doesn't appear to have been any update to the CentOS packages...
>
> Exchangeable Image file format (EXIF) specification bug: this
> was addressed some time ago
>
http://rhn.redhat.com/errata/RHSA-2005-032.html
is from feb 15
(that is the last update from RH for php for CentOS-4)
Looking at php.net and that article, I can't tell if they are fixed or
not.
What we need is the bug numbers for the flaws ... then we can see if
they are fixed. I can tell you that both CentOS-3 and CentOS-4 have the
latest php patches released by redhat.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos/attachments/20050421/2408f5b2/attachment.bin
