hi, On Sat, 2007-05-05 at 12:48 -0400, Alan LeVee wrote: > The PHP development team has released a new version of PHP 5 that fixes > numerous security holes that affected both 5.2.0 and 5.2.1 (some of > which I found no fixes for in the Debian packages).
for the record, most/all of the unaddressed issues were either minor, non-issues (requiring a malicious user), or unsupported (i.e. safe-mode bypassing). if you feel otherwise you should address the issues specifically. > > I would these bugs to be taken very seriously especially the ones at > php-security.org because they affect a great many web applications. i hope you've never been given the impression otherwise. we spent several weeks digging up and testing the fixes from php's cvs repositories for the latest security advisories, which is a difficult and thankless effort. anyway, i've had an upload prepared since the day before yesterday, i'll upload it some time today. sean
signature.asc
Description: This is a digitally signed message part