On Wed, February 1, 2012 01:53, Filipus Klutiero wrote: > Package: php5 > Version: 5.3.9-1 > Severity: minor > > README.Debian.security contains: > >> Most specifically, the security team will not provide >> support for flaws in: >> >> - problems which are not flaws in the design of php but can be >> problematic >> when used by sloppy developers (for example: not checking the contents >> of a tar file before extracting it, using unserialize() on >> untrusted data, or relying on a specific value of short_open_tag). > > Sloppy developers do not use problems, although crackers may. > This is unclear and I frankly wouldn't know how to reformulate besides: >> - application code > But if that's what it means, then I don't think it's worth a mention at > this place.
I've changed it to read: - functionality which is not flawed in the design of PHP but can be problematic when used by sloppy developers (for example: not Thijs -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org