David Eriksson <[EMAIL PROTECTED]> wrote:
> I just read about the "PHP audit project" on NewsForge. More info here:
> 
>  http://phpaudit.42-networks.com/
> 
> Their patch looked great to me, although I didn't browse through all of
> it... :-)

it's unfortunate that they're auditing 4.1.2, instead of the CVS HEAD
(or the 4.2 branch). there are definitely parts of that patch that will
not apply. a lot has changed since 4.1 branched a zillion years ago.

but it is very nice to see someone taking on the task of tightening
things up.

it is a little annoying to read things in their mailing list archive
like "One probably exploitable buffer overflow has been fixed, as well
as a format string vulnerability." thanks for the heads up, guys.

it would be nice if they were feeding us these patches in manageable
chunks. one giant patch is unlikely to be accepted quickly.

jim

-- 
PHP Development Mailing List <http://www.php.net/>
To unsubscribe, visit: http://www.php.net/unsub.php
