[php-maint] Month of PHP bugs...
Ondřej Surý
ondrej at sury.org
Thu Mar 8 14:21:39 CET 2007
On Čt, 2007-03-08 at 13:19 +0100, sean finney wrote:
> hey ondrej,
>
> On Thu, 2007-03-08 at 11:51 +0100, Ondřej Surý wrote:
> > Hi guys,
> >
> > have you noticed this: http://www.php-security.org/ ?
> >
> > It gives me creeps...
>
> yeah, that was the cause of the latest round of security updates,
> actually. the php folks released 5.2.1 which supposedly fixes all the
> problems that will be brought up in the MOPB, though we'll see whether
> or not that's really the case. anyway, last time i looked we're in good
> shape wrt the shown bugs--not counting a couple issues not worth fixing
> (XSS in phpinfo(), etc).
There are those marked as (U) which were not fixed by 5.2.1 release and
at least MOPB-14-2007 looks serios (arbitrary memory read caused by
integer overflow).
Ondrej
--
Ondřej Surý <ondrej at sury.org> *** http://blog.rfc1925.org/
Kulturní občasník *** http://www.obcasnik.cz/
More information about the pkg-php-maint
mailing list