-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pierre Schmitz wrote: > Hi, > > march will be he day of php-bugs (http://www.php-security.org/). I`ll try to > follow this advisories and tell you if the php-version provided by arch is > affected and what could be done to solve the problems. > > > 1) The destruction of deeply nested PHP arrays will exhaust all available > stack which leads to remotely triggerable crashes. > http://www.php-security.org/MOPB/MOPB-03-2007.html > > 2) A deep recursion of PHP userland code will exhaust all available stack > which leads to a sometimes remotely triggerable crash. > http://www.php-security.org/MOPB/MOPB-02-2007.html > > > Both problems will not be patched; the only solution is to use php-suhosin and > php-suhosin-extension from [community] > > Pierre Nice ! Many thanks for this ( and future ) work on php. If you want, you can write these bug on my tracker ( jjdanimoth.netsons.org/flyspray ).
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF5wBCcJj0HNhER0MRAnJaAJ9Idiv/SSuCjqJOQamK6BXsmJuOxgCdHxMp k9vkPDzT+NGPfvXtfWgb+us= =bYzb -----END PGP SIGNATURE----- _______________________________________________ arch mailing list [email protected] http://www.archlinux.org/mailman/listinfo/arch
