For instance I'm running the php5 package using apt-get install php5
. The reported version is: PHP/5.2.6-1+lenny9
However, there's currently listed 53 vulnerabilities for PHP/5.2.6 on CVE:
Long link to CVE exploits list
Here's my question. Is PHP/5.2.6-1+lenny9
patched against these vulnerabilities? (Perhaps that's what the +lenny9
part is for?) How do I check?
For instance, how would I check whether the recent EXIF vulnerability is patched in the current Debian Lenny package?