Package: php5
Version: 5.3.3-7+squeeze15
Severity: important

CVE-2011-1398 is unfixed in Debian Squeeze and is classified by Trustwave.com as a PCI compliance scan fail. As far as I can tell, there's no way to mitigate the problem short of building my own packages with upstream patches. I'm not sure that this is within my capabilities, as the initial fixes for this issue were, I think, incomplete and resulted in CVE-2012-4388.

I've searched the Debian bugs for PHP and can't find a reference to this issue. Is there a chance that CVE-2011-1398 (and therefore CVE-2012-4388) will be fixed for Debian Squeeze with a security release?

Thanks.

Ronny

-- System Information:
Debian Release: 6.0.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5 depends on:
ii  libapache2-mod-php5  5.3.3-7+squeeze15  server-side, HTML-embedded scripti
ii  php5-common          5.3.3-7+squeeze15  Common files for packages built fr

php5 recommends no packages.

php5 suggests no packages.

-- no debconf information