On 10/19/2011 8:05 AM, Jon Watson wrote:
> On Wed, Oct 19, 2011 at 11:54 AM, Jim Lucas <li...@cmsws.com> wrote:
>> On 10/19/2011 7:00 AM, Jon Watson wrote:
>>> Hello All,
>>> I am trying to make some sense of this PHP5 security vulnerability notice
>>> from 18 October 2011:
>>> http://comments.gmane.org/gmane.linux.ubuntu.security.announce/1478
>> <snip>
>> This is discussing the packages distributed for Ubuntu X.X.  Sounds like
>> what
>> you have is your own custom install.  If that is the case, the concern may
>> still
>> apply, but it is going to be up to you to figure out what the security
>> issue is
>> and verify your system in some manor.
> Agreed and I guess that is what I am trying to assess. The Ubuntu security
> notice doesn't go into specifics about the 5.2.x version has the issues
> other than presumably something earlier than 5.2.4. It would have been most
> helpful of them to provide some sort of test or at least the full version of
> the affected release.
> So, basically hunting around for some confirmation that my version is OK.
> I also find it odd that there is no accompanying security notice from
> PHP.net. If this is a security vulnerability in PHP 5 as reported by
> Canonical, why has PHP.net not released a security notice?

My guess is that this is not a security issue with PHP but more so a security
issue with they way they had that version configured/setup on the system.

Jim Lucas


C - (541) 408-5189
O - (541) 323-9113
H - (541) 323-4219

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to