On Wed, 2010-12-01 at 07:54 -0400, robert mena wrote:
I am wondering if/when we are going to see a 5.2.14 version there and if the recently disclosure of a 5.1.6 security update affects the 5.2.10 that is in testing.
Red Hat just put out this security alert concerning multiple PHP vulnerabilities, which is probably what you are speaking off: https://rhn.redhat.com/errata/RHSA-2010-0919.html
All these vulnerabilities except for the last one (https://www.redhat.com/security/data/cve/CVE-2010-3870.html / http://bugs.php.net/bug.php?id=49687) are fixed in PHP-5.2.14. For this one issue you might need to use the patch from the latest upstream SRPM.
Regards, Leonard.