On Thu, 2005-04-21 at 12:17 -0400, R P Herrold wrote:
On Thu, 21 Apr 2005, Simon Garner wrote:
On the subject of PHP, what's the story with the recent PHP security issues: http://www.computerworld.com.au/index.php/id;97355834;fp;16;fpid;0
PHP released an update on 31 March to resolve these problems apparently but there doesn't appear to have been any update to the CentOS packages...
Exchangeable Image file format (EXIF) specification bug: this was addressed some time ago
http://rhn.redhat.com/errata/RHSA-2005-032.html
is from feb 15
(that is the last update from RH for php for CentOS-4)
Looking at php.net and that article, I can't tell if they are fixed or not.
What we need is the bug numbers for the flaws ... then we can see if they are fixed. I can tell you that both CentOS-3 and CentOS-4 have the latest php patches released by redhat.