On Wed, Aug 6, 2008 at 14:01, Derick Rethans <[EMAIL PROTECTED]> wrote:
> On Wed, 6 Aug 2008, Hannes Magnusson wrote:
>
>> On Wed, Aug 6, 2008 at 13:30, Pierre Joye <[EMAIL PROTECTED]> wrote:
>> > hi Marcus,
>> >
>> > On Wed, Aug 6, 2008 at 1:07 PM, Marcus Boerger <[EMAIL PROTECTED]> wrote:
>> >> Hello Stanislav,
>> >>
>> >> we should not mention the reported, unless they provided a patch,
>> >
>> > Except for security issue
>>
>> In which case, it should be noted that it is a security issue.
>
> No, we don't usually do that. There is no need to wake sleeping dogs.
Security Enhancements and Fixes in PHP 5.2.6:
* Fixed possible stack buffer overflow in the FastCGI SAPI
identified by Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside
escapeshellcmd() identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
....
-Hannes
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
