201408-11 [N] [remote ] PHP: Multiple vulnerabilities ( dev-lang/php-5.4.41 ) 201411-04 [N] [remote ] PHP: Multiple vulnerabilities ( dev-lang/php-5.4.41 ) 201503-03 [N] [remote ] PHP: Multiple vulnerabilities ( dev-lang/php-5.4.41 ) Can this be fixed please?
Not intending to bump, bit it's still active as of today. Are those GLSA's affecting 5.4.41? If so, will there be a fix? If not, can this be fixed? Thank you very much in advance!
Sorry for not fixing this faster. These false positives arise due to a limitation of the current GLSA format: We can't properly supply information about SLOTs in GLSAs and have to explicitly enumerate older versions to make glsa-check recognize them as unaffected. I have just added PHP versions up to 5.4.46 (which doesn't exist yet) to the mentioned GLSAs to work around this issue.