PHP vulnerabilities

Asked by Jun Fonseca on 2008-06-18

   Our IT department is complaining that the PHP 5.2.4 included in Hardy is vulnerable:
CVE : CVE-2007-4850, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051
CVE : CVE-2007-4887, CVE-2007-5898, CVE-2007-5900
   They are recommending the upgrade to 5.2.6.

   I ask you if the fixes were backported, or when the new version will be available.

Question information

Language: English
Status: Answered
For: Ubuntu php5
Assignee: No assignee
Last query: 2008-06-18
Last reply: 2008-06-19

Gord Allott (gordallott) said : #1

The new version will be available in Ubuntu Intrepid Ibex, released in October. You can ask the backports team to add PHP 5.2.6 to Hardy backports though: https://launchpad.net/hardy-backports/+filebug

Ubuntu Hardy is more about being stable rather than upgrading packages when new versions are released.

William Grant (wgrant) said : #2

Gord's response is incorrect. Security fixes obviously have an exemption from the update restriction. You should expect to see security updates for those issues very soon, though not an upgrade to 5.2.6.
