Dear release team, I saw the happy notice about 6.0.9 release, and wondered why isn't php5 (5.3.3-7+squeeze18) part of this update (uploaded in December).
Also see this: http://qa.debian.org/madison.php?package=php5 The changes log (taken from the our VCS) has two CVEs: * [CVE-2013-6420]: Fix memory corruption in openssl_x509_parse (Closes: #731895) * [CVE-2013-6712] Fix heap buffer over-read in DateInterval (Closes: #731112) Thanks, Kaplan
