Steven Lindsey
Sr. Systems Administrator
RPI Computer Science
On 10/13/2017 03:41 PM, Nish Aravamudan wrote:
> Thank Tyler :)
>
> Steven,
>
> a) The patched version from Ondrej's repo is not an official, nor
> supported version, it's irrelevant to this discussion.
>
> b) If you can provide the CVEs that Tyler asked for, then a security
> update will occur.
>
> c) We do have an MRE for PHP7.0 (probably also for PHP7.1 by the same
> logic) and I plan on submitting an update to the latest PHP7.0 upstream
> in the next week or two. But that will only be present in -updates, not
> -security unless b) is addressed.
>
> Sorry for the delay on my end in replying to this bug.
>
I don't know if a CVE was generated or not, I'm only going off the
information at
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2017-093/