[CentOS] advice on having php 5.2.x:

Peter Peltonen peter.peltonen at gmail.com
Thu Feb 9 10:33:07 UTC 2012


Hi,

On Thu, Feb 9, 2012 at 12:16 PM, John R. Dennison <jrd at gerdesas.com> wrote:
>> http://dev.centos.org/centos/5/testing/SRPMS/
>
> This should be avoided at all costs.  Those packages have not been
> updated for ever and as a result have multiple known critical
> vulnerabilities.  Additionally, as has been pointed out repeatedly,
> these packages must be removed; the project is effectively pushing known
> vulnerable packages.

Thank you John for pointing this out! I just googled for PHP 5.2 SRPM
and as it was an official CentOS 5 repository that provided the package
I thought it was maintained security-wise. Of course the word
"testing" should have rung a bell...

Best,
Peter


