[Pkg-php-commits] [php/debian-sid] Update the security policy for Squeeze and greater

Raphael Geissert geissert at debian.org
Mon Jul 19 02:30:31 UTC 2010


---
 debian/README.Debian.security |   11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/debian/README.Debian.security b/debian/README.Debian.security
index 86f75e2..1531358 100644
--- a/debian/README.Debian.security
+++ b/debian/README.Debian.security
@@ -1,10 +1,13 @@
 the Debian stable security team does not provide security support
-for certain configurations known to be inherently insecure.  Most
-specifically, the security team will not provide support for flaws in:
+for certain configurations known to be inherently insecure.  This
+includes the interpreter itself, extensions, and code written in the
+PHP language. Most specifically, the security team will not provide
+support for flaws in:
 
 - problems which are not flaws in the design of php but can be problematic
-  when used by sloppy developers (for example, not checking the contents
-  of a tar file before extracting it).
+  when used by sloppy developers (for example: not checking the contents
+  of a tar file before extracting it, using unserialize() on
+  untrusted data, or relying on a specific value of short_open_tag).
 
 - vulnerabilities involving register_globals being activated, unless
   specifically the vulnerability activates this setting when it was
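Review bot: The added sentence "This includes the interpreter itself, extensions, and code written in the PHP language" has an unclear antecedent. Following "certain configurations known to be inherently insecure", it can be read either as listing where the excluded flaws may occur or as saying the interpreter and extensions are themselves unsupported. Consider stating the scope directly, for example "This applies to flaws in the interpreter itself, in extensions, and in code written in PHP". In the extended example list, "relying on a specific value of short_open_tag" is named without saying what goes wrong when the value differs, unlike the tar and unserialize() examples, which are self-explanatory input-handling cases; a short clause on the consequence would make it clear why it belongs in a security policy.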
-- 
1.7.1




