On Tue, Apr 24, 2012 at 05:06:26AM +0200, Nico Golde wrote: > * Chris Butler <[email protected]> [2012-04-23 14:51]: > > >From a quick scan, it seems that CVE-2010-3064 is a likely cut-off point, > > >as > > it seems to be the last one listed as affecting "PHP 5.3 through 5.3.2". > > Although I'm a little bit busy right at the moment, I can probably have a > > more detailed look through the list later today when I have a bit more spare > > time, if that would help. > > What is this exactly based on? Cause the CVE id description is unfortunately > not very reliable.
Ah, I wasn't aware of that, thanks for the heads-up. It was mostly based on looking at the description, although a couple of the ones I picked at random were also listed as fixed in the PHP changelog pre-5.3.3.. It was just a quick scan of the list at the time, as I didn't have time to go into detail. I started having a closer look through the list last night, and will let the list know once I've got some more useful/accurate data... -- Chris Butler <[email protected]> GnuPG Key ID: 4096R/49E3ACD3 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
