[Bug 819587] Re: Please backport PHP 5.3.6-13ubuntu1

David H. Brown dave at davidhbrown.us
Tue Aug 2 13:00:10 UTC 2011


Thanks for the additional info, Micah. Looking at that log, it's clear
that the security updates/patches already available do handle the
*actual* security issues that PHP 5.3.6 addresses.

What it doesn't do is change the server's response header; the automated
PCI compliance test simply parses "PHP/5.3.5-1ubuntu7.2" and sees that
5.3.5 < 5.3.6, so it fails the server for those latest vulnerabilities.
Thus, having a "5.3.6" version of PHP would be helpful. I will use our
PCI test provider's dispute form for those patched vulnerabilities and
see what happens.

-- 
You received this bug notification because you are a member of Ubuntu
Backporters, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/819587

Title:
  Please backport PHP 5.3.6-13ubuntu1

To manage notifications about this bug go to:
https://bugs.launchpad.net/natty-backports/+bug/819587/+subscriptions



More information about the ubuntu-backports mailing list