On Tue Aug 20, 2002 at 09:10:56PM +0200, Jonas Jensen wrote: > Beta3 is still shipping with the vulnerable php-4.2.1-8mdk. See my > previous mail below.
This should be fixed this week. > Subject: php 4.2.1 in 9.0beta2/cooker > Date: Sat, 10 Aug 2002 08:40:08 +0200 > From: Jonas Jensen <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > CC: [EMAIL PROTECTED] > > You have had php-4.2.1 in cooker for a long time, and it's also in 9.0 > beta 2, even though it contains a known vulnerability. Look at > http://www.cert.org/advisories/CA-2002-21.html > I hope you will replace it with 4.2.2 as soon as possible, as > Mandrakesoft stated in the advisory: "The Mandrake Linux cooker does > currently contain PHP 4.2.1 and will be updated shortly, but cooker > should not be used in a production environment and no advisory will be > issued." (that was over two weeks ago) > > (please cc me on replies) > /Jonas Jensen > > > > -- MandrakeSoft Security; http://www.mandrakesecure.net/ "lynx -source http://www.freezer-burn.org/bios/vdanen.gpg | gpg --import" {GnuPG: 1024D/FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
msg71867/pgp00000.pgp
Description: PGP signature
