[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi

[Andi Gutmans]

A couple of these were buffer overflows IIRC which were security issues.
Remember the group@ emails about those?
Andi

At 07:17 PM 3/21/2001 +0100, Sascha Schumann wrote:
> > I think most (probably not all) pl's were sparked due to security bugs
> > which were found and we took the opportunity to add another couple of
> > important fixes. Those kind of pl's would not have been prevented by any
> > Great Plan.
>
>     If I remember correctly, 4.0.4pl1 was the only release
>     which also happened to include security-related changes
>     beside important bug fixes.
>
>     Here is a quick summary.
>
>     4.0.4pl1, two weeks after 4.0.4
>     - broken user function calls affects modules like XML and
>       Session, broken Apache Config
>
>     4.0.3pl1, three days after 4.0.3
>     - broken Apache Config handling
>
>     4.0.1pl2, two days after 4.0.1
>     - broken error_reporting() and readdir()
>
>     4.0b4pl1, one day after 4.0b4
>     - magic_quotes crash
>
>     - Sascha                                     Experience IRCG
>       http://schumann.cx/                http://schumann.cx/ircg


-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]