Hi,
I've being using the 5.2.10 that is in testing in a production environment for more than six months without any problem. I am wondering if/when we are going to see a 5.2.14 version there and if the recently disclosure of a 5.1.6 security update affects the 5.2.10 that is in testing.
On 12/01/2010 11:54 AM, robert mena wrote:
Hi,
I've being using the 5.2.10 that is in testing in a production environment for more than six months without any problem. I am wondering if/when we are going to see a 5.2.14 version there and if the recently disclosure of a 5.1.6 security update affects the 5.2.10 that is in testing.
If you file an issue request at bugs.centos.org; i'll investigate
- KB
Dne 1.12.2010 13:17, Karanbir Singh napsal(a):
If you file an issue request at bugs.centos.org; i'll investigate
- KB
I'd say the bigger issue is 5.1.6 C4Plus php, which is not maintained together with C4Plus pecl/pear modules. C4Plus php is installed on many boxes over the world. DH
Thanks. I'll do it later tonight.
On Wed, Dec 1, 2010 at 8:17 AM, Karanbir Singh mail-lists@karan.org wrote:
On 12/01/2010 11:54 AM, robert mena wrote:
Hi,
I've being using the 5.2.10 that is in testing in a production environment for more than six months without any problem. I am wondering if/when we are going to see a 5.2.14 version there and if the recently disclosure of a 5.1.6 security update affects the 5.2.10 that is in testing.
If you file an issue request at bugs.centos.org; i'll investigate
- KB
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi,
On Wed, 2010-12-01 at 07:54 -0400, robert mena wrote:
I am wondering if/when we are going to see a 5.2.14 version there and if the recently disclosure of a 5.1.6 security update affects the 5.2.10 that is in testing.
Red Hat just put out this security alert concerning multiple PHP vulnerabilities, which is probably what you are speaking off: https://rhn.redhat.com/errata/RHSA-2010-0919.html
All these vulnerabilities except for the last one (https://www.redhat.com/security/data/cve/CVE-2010-3870.html / http://bugs.php.net/bug.php?id=49687) are fixed in PHP-5.2.14. For this one issue you might need to use the patch from the latest upstream SRPM.
Regards, Leonard.
On Wed, 2010-12-01 at 13:50 +0100, Leonard den Ottolander wrote:
All these vulnerabilities except for the last one (https://www.redhat.com/security/data/cve/CVE-2010-3870.html / http://bugs.php.net/bug.php?id=49687) are fixed in PHP-5.2.14. For this one issue you might need to use the patch from the latest upstream SRPM.
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/ext/xml/xml.c?r1=2931... is the fix for the 5.2 branch which is not yet in the released 5.2.14.
-
David Hrbáč -
Karanbir Singh -
Leonard den Ottolander -
robert mena