> On 9 May 2012 07:56, Murray Crane <murray.crane@???> wrote:
> > I'm running latest WP on Ubuntu LTS (10.04) using PHP5-CGI and lighttpd.
> I
> > know full well that my PHP5 will be vulnerable (v5.3.2, damn you Ubuntu;
> > CATCH UP FOR F**KS SAKE!!!), but I don't know how to go about securing
> it in
> > lighty (if I even need to). I do know that if I point a browser at
> > "index.php?-s", I get the front page of my blog back (as if I had left
> the
> > "?-s" off) and not anything that would scream "VULNERABLE!!!" at me.
> >
>
> You sure about Ubuntu not putting an update out?
>
> https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15 suggests
> otherwise.
>
> Announce went out some days back, and the new packages were already
> available.
>
>
> https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-May/001678.html
>
> Al.
>
--e89a8f6428ecc0567804bf9c7c90
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
All my Ubuntu boxes (that I can currently access, that is) have back-port f=
ixes, so all good.=A0Thanks for the heads up Al.<div><br clear=3D"all">Kind=
regards<br><br>Murray Crane<br><br>
<br><br><div class=3D"gmail_quote">On 9 May 2012 16:35, Alan Pope <span dir=
=3D"ltr"><<a href=3D"
mailto:alan@popey.com" target=3D"_blank">alan@popey=
.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"ma=
rgin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class=3D"im">On 9 May 2012 07:56, Murray Crane <<a href=3D"mailto:m=
urray.crane@???">murray.crane@???</a>> wrote:<br>
> I'm running latest WP on Ubuntu LTS (10.04) using PHP5-CGI and lig=
httpd. I<br>
> know full well that my PHP5 will be vulnerable (v5.3.2, damn you Ubunt=
u;<br>
> CATCH UP FOR F**KS SAKE!!!), but I don't know how to go about secu=
ring it in<br>
> lighty (if I even need to). I do know that if I point a browser at<br>
> "index.php?-s", I get the front page of my blog back (as if =
I had left the<br>
> "?-s" off) and not anything that would scream "VULNERAB=
LE!!!" at me.<br>
><br>
<br>
</div>You sure about Ubuntu not putting an update out?<br>
<br>
<a href=3D"
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15" tar=
get=3D"_blank">
https://launchpad.net/ubuntu/+source/php5/5.3.2-1ubuntu4.15<=
/a> =A0suggests otherwise.<br>
<br>
Announce went out some days back, and the new packages were already availab=
le.<br>
<br>
<a href=3D"
https://lists.ubuntu.com/archives/ubuntu-security-announce/2012-=
May/001678.html" target=3D"_blank">
https://lists.ubuntu.com/archives/ubuntu=
-security-announce/2012-May/001678.html</a><br>
<br>
Al.<br>
</blockquote></div><br></div>
--e89a8f6428ecc0567804bf9c7c90--
From adam.spiers@??? Wed May 09 16:26:43 2012
Received: from mail-wg0-f52.google.com ([74.125.82.52])
by mail.bitfolk.com with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:16)
(Exim 4.72) (envelope-from <adam.spiers@gma
