I am new bee to Linux/ubuntu forum,
Recently we have performed PCI scan on one of our website, and we have found some vulnerabilities. The App we are using for this site is
OS : ubuntu 12.04.3
language : php 5.3.10
web server : nginx
In the PCI report there are certain CVE's that i am unable to found in ubuntu repository change log (http://changelogs.ubuntu.com/changel...u3.9/changelog). So my question is where i can reach for this information , i have already search the internet but dint find any thing interesting.
Where are at php.net they follow issues with Bug number , now typical thing is who to relate CVE's with Bug numbers.
Pls suggest , some path way to proceed.
some of the CVE's which i could not found information are (CVE-2005-1871
CVE-2012-3365 ) This includes CVE's for php , openssh, nginx , Drupal.