According to GLSA 200608-28, the latest PHP vuln can be fixed by upgrading to >=~php-4.4.3-r1 or >=php-5.1.4-r6. I am running php-4.4.4.-pl4 but glsa-check wants to upgrade to php-5 (despite me having php-5 masked out in /etc/portage/package.mask). Does this mean that php-4.4.4.pl4 does not address this vulnerability and if so, why doesn't GLSA 200609-28 state that?
Basically, I want to fix this without upgrading to php-5 on my servers. -- A -- [email protected] mailing list
