On Fri, 2006-01-06 at 13:53 +0900, Kazutoshi Morioka wrote: > php-5.0.5-2.1 package in testing-repo remains vulnerable. > It seems that php-5.0.5-2.1 dosen't contain fixes for > CVE-2005-3388, CVE-2005-3390, CVE-2005-3389, CVE-2005-3353. > And 5.0.5-2.1 is greater than 5.0.4-10.5 in fedora-updates-released. > It would be updated to vulnerable php-5.0.5-2.1 if testing were enabled. > The PHP group recomends updating to 5.1.1 for 5.0.x users. > So, we can't expect no farther 5.0.x releases. > I think php-5.0.5-2.1 should be removed from repository. This will of course be fixed in the final release, but please be aware that testing or beta/alpha software in rawhide should _not_ be used for production systems. -- Jesse Keating RHCE (geek.j2solutions.net) Fedora Legacy Team (www.fedoralegacy.org) GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list