[php-maint] Month of PHP bugs...

Ondřej Surý ondrej at sury.org
Thu Mar 8 14:21:39 CET 2007

On Čt, 2007-03-08 at 13:19 +0100, sean finney wrote:
> hey ondrej,
> On Thu, 2007-03-08 at 11:51 +0100, Ondřej Surý wrote:
> > Hi guys,
> > 
> > have you noticed this: http://www.php-security.org/ ?
> > 
> > It gives me creeps...
> yeah, that was the cause of the latest round of security updates,
> actually.  the php folks released 5.2.1 which supposedly fixes all the
> problems that will be brought up in the MOPB, though we'll see whether
> or not that's really the case.  anyway, last time i looked we're in good
> shape wrt the shown bugs--not counting a couple issues not worth fixing
> (XSS in phpinfo(), etc).

There are those marked as (U) which were not fixed by 5.2.1 release and
at least MOPB-14-2007 looks serios (arbitrary memory read caused by
integer overflow).

Ondřej Surý <ondrej at sury.org>  ***  http://blog.rfc1925.org/
Kulturní občasník              ***  http://www.obcasnik.cz/

More information about the pkg-php-maint mailing list