Hi,

I've been asked to look at the OpenPKG-SA-2003.010-php security
advisory to see whether it affects our installation of Apache
1.3.27 (which we obtained directly from the apache web site).

The advisory seems to say that the problem is specifically with PHP
(which we do not use), but it lists affected packages thus:

Affected Releases:  Affected Packages:         Corrected Packages:
OpenPKG CURRENT     == php-4.3.0-20030115      >= php-4.3.1-20030218
                    <= apache-1.3.27-20030212  >= apache-1.3.27-20030218
                    >= apache-1.3.27-20021228  >= apache-1.3.27-20030218
OpenPKG 1.2         == php-4.3.0-1.2.0         >= php-4.3.0-1.2.1
                    == apache-1.3.27-1.2.0     >= apache-1.3.27-1.2.1
OpenPKG 1.1         none                       N.A.

As I am completely new to OpenPKG the above format is a bit confusing,
but it appears to be saying that some versions of the apache package
are affected - why should this be if the problem is specifically with
PHP? As far as I am aware 1.3.27 of apache from the apache site does
not include PHP.

Am I right in assuming that the packages listed above are packages
that OpenPKG have put together themselves (as distinct from the apache
or php tar files which are downloadable from the apache or php sites),
and that the extra date stamp in the package name is specific to an
issue of the OpenPKG package? If this is the case then the only reason
I can think of that OpenPKG's apache packages are affected by the PHP
problem is that OpenPKG had decided to include PHP with their own
apache package. Is this the case?

Thanks,

Colin


______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
User Communication List                      [EMAIL PROTECTED]