On Wed, 6 Mar 2002, Blake Girardot wrote:

> both the folks from Mitel and most of the posters on php-dev and to the bug
> tracking system are not listening to the php.net developers.

I believe that we have good reason to be wary about their judgement on 
security issues.

> the 1.71.2.3 version of the file in question fixes the crashing bug too, it's
> just not included in the 4.1.2 tagged release.

The 4.1.2 release is not particularly useful to us. We have RedHat RPMs of
4.0.6, and these have been tested in-house and by devinfo folks. The
1.71.2.3 version of rfc1867.c does not compile with 4.0.6, and still
contains a number of boundary check problems.

> [EMAIL PROTECTED] who submitted a patch to php.net didn't look in cvs to
> see his suggested patch was redundant, code to address his suggested changes
> was already checked in when he posted his patch.

"fixed in CVS" can mean many things. It certainly didn't mean to me
"there is a fixed version compatible with 4.0.6 in CVS if you care to
look". The patch that Adrian submitted to php.net was mine, and was made
on the 28th, soon after Rasmus posted his patch into CVS.

On a lighter note, enjoy the irony of this CVS comment on the 4.0.7
version of rfc1867.c:

1.71.2.1 by andi
24th September 2001, 9:48pm

- MFH. File uploads need to be tested thoroughly in RC3!

--
Charlie Brady                         [EMAIL PROTECTED]
Lead Product Developer
Network Server Solutions Group        http://www.e-smith.com/
Mitel Networks Corporation            http://www.mitel.com/
Phone: +1 (613) 368 4376 or 564 8000  Fax: +1 (613) 564 7739


