php-5.0.5-2.1 package in testing-repo remains vulnerable. It seems that php-5.0.5-2.1 dosen't contain fixes for CVE-2005-3388, CVE-2005-3390, CVE-2005-3389, CVE-2005-3353. And 5.0.5-2.1 is greater than 5.0.4-10.5 in fedora-updates-released. It would be updated to vulnerable php-5.0.5-2.1 if testing were enabled. The PHP group recomends updating to 5.1.1 for 5.0.x users. So, we can't expect no farther 5.0.x releases. I think php-5.0.5-2.1 should be removed from repository. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list