Hannes Magnusson kirjoitti:
On Wed, Aug 6, 2008 at 14:01, Derick Rethans <[EMAIL PROTECTED]> wrote:
On Wed, 6 Aug 2008, Hannes Magnusson wrote:
On Wed, Aug 6, 2008 at 13:30, Pierre Joye <[EMAIL PROTECTED]> wrote:
hi Marcus,
On Wed, Aug 6, 2008 at 1:07 PM, Marcus Boerger <[EMAIL PROTECTED]> wrote:
Hello Stanislav,
we should not mention the reported, unless they provided a patch,
Except for security issue
In which case, it should be noted that it is a security issue.
No, we don't usually do that. There is no need to wake sleeping dogs.
Security Enhancements and Fixes in PHP 5.2.6:
* Fixed possible stack buffer overflow in the FastCGI SAPI
identified by Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside
escapeshellcmd() identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
IMO, mentioning the "founder" of the issue is totally useless. There shouldn't
be any difference between "regular" bug or possibly security related bug.
And I don't think we need to start mentioning every single bug reportees name,
do we? Bug is a bug.
--Jani
--
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php