Hi Andile,
> Im not sure why Gareth said PHP, I’m referring to Apache 2.2.22. > > The below vulnerabilities seem to affect this version: > > CVE-2014-0231 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231> > ... As Paul noted earlier, you can use https://security-tracker.debian.org/ to look for particular CVE; for exemple you'll get this one at: https://security-tracker.debian.org/tracker/CVE-2014-0231 And you will note it's been fixed. The Debian security policy is to get the fix in the existing versions, to minimise changes and reduce the risks of unexpected changes; that is why you will see older version numbers in Debian. That doesn't mean the security issues are not fixed. You can read more about this point, and other aspects of security in Debian, in the security FAQ: http://www.debian.org/security/faq.en.html#oldversion Regards, Fred -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150325140920.ga3...@0d.be
