Hosting Provided By

Re: PCI vulnerability scan - PHP4 on Sarge

From: William Chipman <wchipman(at)jsatech.com>
Date: Tue Dec 18 2007 - 07:14:26 EST

The pcre patches mention fixes to the library and to python2.1, 2.2 and 2.3, but not php4.

Florian Weimer wrote:
> * William Chipman:
>
>
>> We had a scan of our systems for PCI compliance and received warnings
>> about PHP 4.4.3-10-22.
>> I checked the archives and found that the following CVE reports were
>> not covered by the comments
>> leading up to 4.4.3-10-22:
>>
>
>
>> 2005-2491
>>
>
> Do you mean CVE-2005-2491? This should have been fixed by a PCRE
> upgrade.
>
> What's your audit methodology?
>
>
>

-- 
William D. Chipman
Infrastructure Manager
JSA Technologies, Inc.
201 Main Street, Suite 1320
Fort Worth, Tx. 76102

817-810-2204



-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Tue Dec 18 07:31:27 2007

This message: [ Message body ]
Next message: Florian Weimer: "Re: PCI vulnerability scan - PHP4 on Sarge"
Previous message: Florian Weimer: "Re: PCI vulnerability scan - PHP4 on Sarge"
In reply to: Florian Weimer: "Re: PCI vulnerability scan - PHP4 on Sarge"
Next in thread: Florian Weimer: "Re: PCI vulnerability scan - PHP4 on Sarge"
Reply: Florian Weimer: "Re: PCI vulnerability scan - PHP4 on Sarge"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:36 EDT