Hi, On Thu, Feb 9, 2012 at 12:16 PM, John R. Dennison <jrd at gerdesas.com> wrote: >> http://dev.centos.org/centos/5/testing/SRPMS/ > > This should be avoided at all costs. Those packages have not been > updated for ever and as a result have multiple known critical > vulnerabilities. Additionally, as has been pointed out repeatedly, > these packages must be removed; the project is effectively pushing known > vulnerable packages. Thank you John for pointing this out! I just googled for PHP 5.2 SRPM and as it was an official CentOS 5 repositry that provided the package I thought it was maintained security wise. Of course the word "testing" should have rang a bell... Best, Peter