On Fri, Jun 7, 2013 at 6:34 AM, Pierre Schmitz <pie...@archlinux.de> wrote:
> On 07.06.2013 01:58, Stas Malyshev wrote:
> > Hello!
> >
> > The PHP development team announces the immediate availability of PHP
> > 5.4.16 and PHP 5.3.26. These releases fix about 15 bugs, including
> > CVE-2013-2110. All users of PHP are encouraged to upgrade to PHP 5.4.16.
> > PHP 5.3.26 is recommended for those wishing to remain on the 5.3 series.
>
> Is there a way to access the content of the relevant bug report here?
> https://bugs.php.net/bug.php?id=64879 Who is allowed to see these
> private reports?
>

Private bugs can only be accessed by the PHP security team and some security people from vendors:
http://git.php.net/?p=web/bugs.git;a=blob;f=include/trusted-devs.php

I think that private bugs like that should be made public after the fixed version release, just like others do:
https://bugzilla.redhat.com/show_bug.cgi?id=964969

Usually searching for a CVE number on Google works (after the fix is released).

--
Ferenc Kovács
@Tyr43l - http://tyrael.hu