On Thu, 2005-04-21 at 12:17 -0400, R P Herrold wrote: > On Thu, 21 Apr 2005, Simon Garner wrote: > > > On the subject of PHP, what's the story with the recent PHP security issues: > > http://www.computerworld.com.au/index.php/id;97355834;fp;16;fpid;0 > > > > PHP released an update on 31 March to resolve these problems apparently but > > there doesn't appear to have been any update to the CentOS packages... > > Exchangeable Image file format (EXIF) specification bug: this > was addressed some time ago > http://rhn.redhat.com/errata/RHSA-2005-032.html is from feb 15 (that is the last update from RH for php for CentOS-4) Looking at php.net and that article, I can't tell if they are fixed or not. What we need is the bug numbers for the flaws ... then we can see if they are fixed. I can tell you that both CentOS-3 and CentOS-4 have the latest php patches released by redhat. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20050421/2408f5b2/attachment-0005.sig>