On Sat, 2005-12-03 at 00:46 -0600, Gilbert Sebenste wrote:
> A few weeks ago some major security holes were announced in regards to the
> PHP packages. Was there an update I missed? I see the current version on a
> system I am running it on is php-5.0.4-10.5.

I'm not sure exactly if these are the security issues you refer to, but the RPM's changelog for php-5.0.4-10.5 says:

* Fri Nov 04 2005 Joe Orton <jorton@xxxxxxxxxx> 5.0.4-10.5
- add security fixes from upstream:
  * XSS issues in phpinfo() (CVE-2005-3388, #172212)
  * GLOBALS handling (CVE-2005-3390, #172207)
  * parse_str() enabling register_globals (CVE-2005-3389, #172209)
  * exif: infinite recursion on corrupt JPEG (CVE-2005-3353)
- add unserializer fix for x86_64 (upstream #34435)

--
Peter Gordon (codergeek42)
GnuPG Public Key: 0xDA3634D7