Php suffer from multiple vulnerabilities : http://www.ubuntu.com/usn/usn-1126-1/
Blocks: (none) => 908
Summary: Multiple vulnerability => PHP Multiple vulnerability
According to saispo, there is some regression caused by this security update
Saispo, you have more information about the regression caused by this ?
CC: (none) => misc, saispo
Ok, regression seems to have been fixed : http://www.ubuntu.com/usn/usn-1126-2/ So I guess we can update php ?
Several of them were already fixed by http://svnweb.mageia.org/packages?view=revision&revision=87292 - Update to 5.3.6 - Fixes CVE-2011-1153, CVE-2011-1092, CVE-2011-0708, CVE-2011-0421 - Sync with Mandriva
CC: (none) => pterjan
From the CVE listed in that Ubuntu advisory: CVE-2006-7243 Fixed in 5.3.4 CVE-2010-4697 Fixed in 5.3.4 CVE-2010-4698 Fixed in 5.3.4 CVE-2011-0420 CVE-2011-0421 Fixed in 5.3.6 CVE-2011-0441 CVE-2011-0708 Fixed in 5.3.6 CVE-2011-1092 Fixed in 5.3.6 CVE-2011-1144 CVE-2011-1148 CVE-2011-1153 Fixed in 5.3.6 CVE-2011-1464 Fixed in 5.3.6 CVE-2011-1466 Fixed in 5.3.6 CVE-2011-1467 Fixed in 5.3.6 CVE-2011-1468 Fixed in 5.3.6 CVE-2011-1469 Fixed in 5.3.6 CVE-2011-1470 Fixed in 5.3.6 CVE-2011-1471 Fixed in 5.3.6 So CVE-2011-0420, CVE-2011-0441, CVE-2011-1144 and CVE-2011-1148 need to be checked
CVE-2011-0420 Not a security issue according to https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0420
We already have the fix for CVE-2011-0441
Fix for CVE-2011-1148 http://svn.php.net/viewvc?view=revision&revision=310194
CVE-2011-1144 is for php-pear, not php
Fix for CVE-2011-1148 added to php package.
Fix for CVE-2011-1144 added to php-pear package.
Status: NEW => RESOLVEDResolution: (none) => FIXED