Package: php5
Version: 5.3.8-1
Severity: minor

README.Debian.security contains:

  Most specifically, the security team will not provide support for flaws in:

  - problems which are not flaws in the design of php but can be problematic when used by sloppy developers (for example: not checking the contents of a tar file before extracting it, using unserialize() on untrusted data, or relying on a specific value of short_open_tag).

It is unclear to me how using unserialize() on untrusted data would create a particular risk. Do you perhaps mean extract()?
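
The README item on unserialize() quoted in the report above, shown as an added example that is not part of the bug report or of Debian's README: unserialize() instantiates whatever class the input names and that object's magic methods then run on input-controlled properties, while a data-only format such as JSON does not. The class TempFile, the functions load_prefs_unsafe and load_prefs_safe, and the sample input are hypothetical and constructed for this illustration.

```php
<?php
// Added illustration; TempFile, load_prefs_unsafe and load_prefs_safe are hypothetical names.

// An ordinary helper class that happens to be loaded in the application.
class TempFile
{
    public $path;

    public function __destruct()
    {
        // Cleanup that is harmless as long as the application chose $path itself.
        if (is_string($this->path) && is_file($this->path)) {
            unlink($this->path);
        }
    }
}

// Unsafe: the input decides which class is instantiated and what its properties hold.
function load_prefs_unsafe($blob)
{
    $prefs = unserialize($blob);
    // If $blob described a TempFile, that object is destroyed when this
    // function returns, and its __destruct() runs on the supplied $path.
    return is_array($prefs) ? $prefs : array();
}

// Safer: JSON decodes only to scalars and arrays, never to application classes.
function load_prefs_safe($blob)
{
    $prefs = json_decode($blob, true);
    return is_array($prefs) ? $prefs : array();
}

// Constructed sample: a file the application wants to keep, and input naming it.
$keep = tempnam(sys_get_temp_dir(), 'keep');
$blob = sprintf('O:8:"TempFile":1:{s:4:"path";s:%d:"%s";}', strlen($keep), $keep);

// Hardened path: the input is not valid JSON, so nothing is instantiated.
load_prefs_safe($blob);
var_dump(file_exists($keep));

// Unsafe path: the destructor acts on a path taken from the input.
load_prefs_unsafe($blob);
var_dump(file_exists($keep));
```

From PHP 7.0 onward, unserialize() also accepts an allowed_classes option that restricts which classes may be instantiated; the php5 version named in this report predates it.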