Your message dated Fri, 04 Jul 2014 15:00:44 +0200
with message-id 
<[email protected]>
and subject line Re: Closing bugs filled against php5 in oldstable
has caused the Debian Bug report #704764,
regarding php5: CVE-2011-1398 results in PCI compliance scan fail
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
704764: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704764
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: php5
Version: 5.3.3-7+squeeze15
Severity: important

CVE-2011-1398 is unfixed in Debian Squeeze and is classified by Trustwave.com 
as a PCI compliance scan fail. As far as I can tell there's no way to mitigate
the problem short of building my own packages with upstream patches. I'm not
sure that this is within my capabilities as the initial fixes for this issue
were, I think, incomplete and resulted in CVE-2012-4388.

I've searched the Debian bugs for PHP and can't find reference to this issue.

Is there a chance that CVE-2011-1398 (and therefore CVE-2012-4388) will be
fixed for Debian Squeeze with a security release?

Thanks.

Ronny


-- System Information:
Debian Release: 6.0.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5 depends on:
ii  libapache2-mod-php5    5.3.3-7+squeeze15 server-side, HTML-embedded scripti
ii  php5-common            5.3.3-7+squeeze15 Common files for packages built fr

php5 recommends no packages.

php5 suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
Version: 5.4.4-14

One more batch...

On Fri, Jul 4, 2014, at 14:09, Ondřej Surý wrote:
> Version: 5.4.4-14
> 
> Hey all,
> 
> I am closing the bugs that were filed against php5 5.3 in Debian
> oldstable (well and earlier)...
> 
> Feel free to reopen the bug if you can reproduce it with php5 from
> current stable Debian release.
> 
> Cheers,
> -- 
> Ondřej Surý <[email protected]>
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server


-- 
Ondřej Surý <[email protected]>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

--- End Message ---
