On 10/19/2011 8:05 AM, Jon Watson wrote: > On Wed, Oct 19, 2011 at 11:54 AM, Jim Lucas <lists@xxxxxxxxx> wrote: > >> On 10/19/2011 7:00 AM, Jon Watson wrote: >>> Hello All, >>> >>> I am trying to make some sense of this PHP5 security vulnerability notice >>> from 18 October 2011: >>> >>> http://comments.gmane.org/gmane.linux.ubuntu.security.announce/1478 >> >> <snip> > > >> This is discussing the packages distributed for Ubuntu X.X. Sounds like >> what >> you have is your own custom install. If that is the case, the concern may >> still >> apply, but it is going to be up to you to figure out what the security >> issue is >> and verify your system in some manor. >> > > Agreed and I guess that is what I am trying to assess. The Ubuntu security > notice doesn't go into specifics about the 5.2.x version has the issues > other than presumably something earlier than 5.2.4. It would have been most > helpful of them to provide some sort of test or at least the full version of > the affected release. > > So, basically hunting around for some confirmation that my version is OK. > > I also find it odd that there is no accompanying security notice from > PHP.net. If this is a security vulnerability in PHP 5 as reported by > Canonical, why has PHP.net not released a security notice? > My guess is that this is not a security issue with PHP but more so a security issue with they way they had that version configured/setup on the system. -- Jim Lucas http://www.cmsws.com/ http://www.cmsws.com/examples/ http://www.bendsource.com/ C - (541) 408-5189 O - (541) 323-9113 H - (541) 323-4219 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
