On Wed, Aug 6, 2008 at 14:01, Derick Rethans <[EMAIL PROTECTED]> wrote: > On Wed, 6 Aug 2008, Hannes Magnusson wrote: > >> On Wed, Aug 6, 2008 at 13:30, Pierre Joye <[EMAIL PROTECTED]> wrote: >> > hi Marcus, >> > >> > On Wed, Aug 6, 2008 at 1:07 PM, Marcus Boerger <[EMAIL PROTECTED]> wrote: >> >> Hello Stanislav, >> >> >> >> we should not mention the reported, unless they provided a patch, >> > >> > Except for security issue >> >> In which case, it should be noted that it is a security issue. > > No, we don't usually do that. There is no need to wake sleeping dogs.
Security Enhancements and Fixes in PHP 5.2.6: * Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin. * Fixed integer overflow in printf() identified by Maksymilian Aciemowicz. * Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh. * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. * Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser. * Upgraded bundled PCRE to version 7.6 .... -Hannes -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php