[CentOS] php 5.1.6 vulnerability in CentosPlus repo

Mon Jul 4 17:08:09 UTC 2011
James Matthews <nytrokiss at gmail.com>

You can also build the packages yourself and keep abreast of the mailing
list

On Sun, Jul 3, 2011 at 9:11 AM, John R. Dennison <jrd at gerdesas.com> wrote:

> On Sun, Jul 03, 2011 at 02:29:12PM +0200, Alain Péan wrote:
> >
> >
> > So 5.1.6 is the current package on CentOS, at least in base repo, I
> > don't know for CentOSPlus, and your question is totally valid.
>
> The php in base, for both C4 and C5, gets updates.  I've not seen an
> update for the C4 plus package since, well, 2008.  This also brings up
> the question what stack this package was part of upstream; I'm not able
> to locate it in Redhat's mirrors.
>
> > I am not using PHP, so I am not aware of the last vulnerabilities, but
> > you should know that RedHat backports security fixes, and features, from
> > further releases, so the version number is not that informative. See for
> > example this rather old thread (2010) :
>
> They only backport for supported packages.  It appears that this package
> may have been orphaned upstream.
>
> > http://forums.whirlpool.net.au/archive/1424743
>
> Returns a 404.
>
>
>
>
>                                                        John
>
> --
> When there are too many policemen, there can be no liberty.  When there are
> too many soldiers, there can be no peace.  When there are too many lawyers,
> there can be no justice.
>
> -- Lin Yutang (10 October 1895 - 26 March 1976), Chinese writer and
> translator,
> as quoted in Alexander, James (2005). The World's Funniest Laws. Cheam:
> Crombie
> Jardine. pp. page 6
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>


-- 
http://www.theboxery.com

--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110704/0ed84cba/attachment-0005.html>