Hosting Provided By

Re: PCI vulnerability scan - PHP4 on Sarge

From: Florian Weimer <fw(at)deneb.enyo.de>
Date: Tue Dec 18 2007 - 06:09:38 EST

William Chipman:

> We had a scan of our systems for PCI compliance and received warnings
> about PHP 4.4.3-10-22.
> I checked the archives and found that the following CVE reports were
> not covered by the comments
> leading up to 4.4.3-10-22:

> 2005-2491

Do you mean CVE-2005-2491? This should have been fixed by a PCRE upgrade.

What's your audit methodology?

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Tue Dec 18 06:16:53 2007

This message: [ Message body ]
Next message: William Chipman: "Re: PCI vulnerability scan - PHP4 on Sarge"
Previous message: Lars Schimmer: "Re: large campus network ... sugestions"
In reply to: William Chipman: "PCI vulnerability scan - PHP4 on Sarge"
Next in thread: William Chipman: "Re: PCI vulnerability scan - PHP4 on Sarge"
Reply: William Chipman: "Re: PCI vulnerability scan - PHP4 on Sarge"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:36 EDT