On Thursday, February 28, 2002, at 12:51 PM, Gianluca Faieta wrote:
>
> Is LM vulnerable to the vulnerability described in
> http://security.e-matters.de/advisories/012002.html
>
> If so, when will updates be available? ... leaving vulnerable PHP in
> place
> doesn't seem a good idea ;-), compiling from tarballs is not so elegant,
> generating RPMS for three distributions is out of my scope.
>

Here's my exprience upgrading php this morning:
I could only find a .src and one other (.alpha ?) rpm on rpmfind that
appeared to fix the vulnerability, so I had to compile from the .src rpm.
Unfortunately when I tried to update php and mod_php, it wanted newer
versions of
apache which would have put me onto the endless road of dependencies, so
I --nodeps'd it
and that seemed to work except I had to also update php-mysql which rpm
didn't warn about.

For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure,
go to http://www.mandrakesecure.net/.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]