On 02/09/2012 04:16 AM, John R. Dennison wrote: > On Thu, Feb 09, 2012 at 12:07:34PM +0200, Peter Peltonen wrote: >> Hi, >> >> There is a PHP 5.2 RPM for CentoOS5 in the testing repo: >> >> http://dev.centos.org/centos/5/testing/SRPMS/ > This should be avoided at all costs. Those packages have not been > updated for ever and as a result have multiple known critical > vulnerabilities. Additionally, as has been pointed out repeatedly, > these packages must be removed; the project is effectively pushing known > vulnerable packages. > > Use the IUS repository and the php-5.2.17 packages they supply. IUS is > known and vetted and they have a commercial stake in the stability and > integrity of the packages in that repo as they are what RackSpace makes > available to their own paying customers. > > Please see http://wiki.centos.org/AdditionalResources/Repositories for > more information and a link to the IUS repo. For the record, those 5.2.10 php files are the latest released from here: ftp://ftp.redhat.com/redhat/linux/enterprise/5Server/en/RHWAS/SRPMS/ Those are from the Red Hat Web Application Stack for EL5. It gets errata here: https://rhn.redhat.com/errata/rhel-appstk-5-errata.html As to whether or not you should use them, that is ... of course ... up to you. It is the latest released, by upstream. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 262 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20120209/a9b55b3c/attachment-0005.sig>