Hi Philip

Thank you very much for your response.

Regards

On 2015/03/25, 4:28 PM, "Philip Hands" <p...@hands.com> wrote:

>Andile Ntebe <ant...@acceleration.biz> writes:
>
>> Hi
>>
>> I'm not sure why Gareth said PHP, I'm referring to Apache 2.2.22.
>>
>> The below vulnerabilities seem to affect this version:
>
>You seem not to have noticed that Debian fixes security issues in stable
>versions of our packages, so you're comparing the version that Apache
>would tell you is vulnerable without noticing the fixes that have been
>applied since then by the Debian security team.
>
>I suggest that you take your list of CVEs and see if any of them are not
>mentioned as having been fixed in the Debian changelog:
>
>
> http://metadata.ftp-master.debian.org/changelogs//main/a/apache2/apache2_2.2.22-13+deb7u4_changelog
>
>(I'm guessing that if you've been upgrading as hard as you can, and
>still have 2.2.22 then you're using Debian 7, a.k.a "wheezy" -- look in
>/etc/debian_version where you should see "7.8")
>
>Anyway, you need to note that the Debian version of Apache that you are
>running is not 2.2.22, but rather 2.2.22-13+deb7u4, so that is the 13th
>version of the package that's been built by the package maintainer, many
>of which added fixes for CVEs, taking us to version 2.2.22-13, followed
>by four more uploads that backport fixes to Debian 7 (deb7u1..deb7u4)
>each of which adds more CVE fixes.
>
>Upgrading to the latest version of something to fix security bugs
>carries with it the potential to introduce new unexpected behaviours,
>and that may result in things breaking, which is why we backport
>security fixes instead of just asking everyone to upgrade and hoping for
>the best.
>
>...
>> Is there a way for us to update to the latest version?
>
>There certainly is -- you can choose to run our testing or unstable
>branches, rather than stable, but hopefully now you know why you should
>not be fretting about this.
>
>Cheers, Phil.
>--
>|)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
>|-| http://www.hands.com/ http://ftp.uk.debian.org/
>|(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
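
The changelog check suggested in the quoted reply can be scripted. The following is an added example, not part of either e-mail and not Debian tooling: it splits a Debian version such as 2.2.22-13+deb7u4 into its parts and reports which CVEs from a scanner list are mentioned in a changelog. The function names are hypothetical, and the changelog excerpt and CVE ids are constructed placeholders, not real apache2 entries.

```python
import re

# Constructed sample in Debian changelog format; the CVE ids are placeholders.
SAMPLE_CHANGELOG = """\
apache2 (2.2.22-13+deb7u4) wheezy-security; urgency=medium

  * CVE-2099-0003: constructed entry for illustration.

 -- Constructed Maintainer <maint@example.org>  Thu, 01 Jan 2099 00:00:00 +0000

apache2 (2.2.22-13+deb7u1) wheezy-security; urgency=high

  * Backport fixes for CVE-2099-0001 and
    CVE-2099-0002.

 -- Constructed Maintainer <maint@example.org>  Thu, 01 Jan 2099 00:00:00 +0000
"""

HEADER = re.compile(r"^(?P<pkg>[a-z0-9][a-z0-9+.-]+) \((?P<ver>[^)]+)\) ")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")

def split_version(version):
    """Split a Debian version into (epoch, upstream, debian_revision)."""
    epoch, sep, rest = version.partition(":")
    if not sep:  # no epoch given, Debian treats that as epoch 0
        epoch, rest = "0", version
    upstream, dash, revision = rest.rpartition("-")
    if not dash:  # native package: no Debian revision
        upstream, revision = rest, ""
    return epoch, upstream, revision

def cves_by_version(changelog):
    """Map each CVE id to the oldest package version whose entry mentions it."""
    found, current = {}, None
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group("ver")
        elif current:
            for cve in CVE.findall(line):
                found[cve] = current  # file is newest-first, so older entries win
    return found

def triage(scanner_cves, changelog):
    """Return (addressed, unaddressed): CVEs the changelog mentions vs. not."""
    fixed = cves_by_version(changelog)
    addressed = {c: fixed[c] for c in scanner_cves if c in fixed}
    unaddressed = [c for c in scanner_cves if c not in fixed]
    return addressed, unaddressed
```

Anything left in the unaddressed list is what still needs a manual look; a scanner that matches only on the upstream part returned by `split_version` will flag every CVE regardless of the Debian revision.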