vulnerable php-5.0.5-2.1 in fedora-updates-testing
Kazutoshi Morioka
morioka at at.wakwak.com
Fri Jan 6 04:53:00 UTC 2006
php-5.0.5-2.1 package in testing-repo remains vulnerable.
It seems that php-5.0.5-2.1 dosen't contain fixes for
CVE-2005-3388, CVE-2005-3390, CVE-2005-3389, CVE-2005-3353.
And 5.0.5-2.1 is greater than 5.0.4-10.5 in fedora-updates-released.
It would be updated to vulnerable php-5.0.5-2.1 if testing were enabled.
The PHP group recomends updating to 5.1.1 for 5.0.x users.
So, we can't expect no farther 5.0.x releases.
I think php-5.0.5-2.1 should be removed from repository.
More information about the test
mailing list