On Tue, 2007-03-20 at 13:34 +0100, Raphael Marichez wrote:
>
> Those who are concerned with security should follow our GLSAs. Those who
> are really worried about real-time security should follow our bugzilla,
> different information sources (full-disc, secunia...), or the upstream
> advisories.
>
> Generally, if you are warned about a security weakness on a stable
> gentoo package, please go to bugs.gentoo.org, perform a quick search,
> and if the search returns no result, please open a bug in the "Gentoo
> Security" category. (but most of the time, there will already be an
> opened bug). In that case the bug already existed.

I did report the issue. It was added to the month of PHP bugs tracker.

However, I don't agree with your out of hand dismissal of sending this to the list. Webapps under Gentoo are difficult to maintain at best. People should know, and this is a very public security issue that people can quickly and easily address. I fail to see the harm in mentioning it.

I certainly don't need any reinforcement on how to read GLSAs or search bugzilla, but thanks for the information.

Wendall
