On Sun, May 6, 2012 10:00, Thijs Kinkhorst wrote:
> On Sat, May 5, 2012 20:49, Adam D. Barratt wrote:
>> On Sat, 2012-05-05 at 20:39 +0200, Ondrej Sury wrote:
>>> > For some reason I had it in my head that 5.4.2 was the upstream version
>>> > with the fixed fix rather than the not-quite fixed fix.
>>>
>>> I think this is the case (e.g. 5.4.2 is the fixed version).
>>
>> I assume Thijs was referring to CVE-2012-2311, which covers the fix in
>> 5.4.2 being incomplete.
>
> PHP 5.4.2 does not fix the issue.

PHP upstream has now announced new releases for tomorrow, which also fix
another security issue:
http://www.php.net/archive/2012.php#id2012-05-06-1

It would be great if we could get that into unstable swiftly and then start
the migration process.

Cheers,
Thijs

