Newsgroups: php.internals
Date: Thu, 31 Mar 2005 17:22:35 -0500
From: php@fsckit.net ("Tabor J. Wells")
To: Ilia Alshanetsky
Cc: PHP Internals List, general@lists.php.net
Subject: Re: [ANNOUNCE] PHP 4.3.11 & 5.0.4 Released!
Message-ID: <20050331222235.GD4676@fsckit.net>
In-Reply-To: <424C709E.6000408@prohost.org>

On Thu, Mar 31, 2005 at 04:50:22PM -0500, Ilia Alshanetsky is thought to have said:
> The PHP Development Team would like to announce the immediate release of
> PHP 4.3.11 and 5.0.4. These are maintenance releases that in addition
> to fixing over 70 non-critical bugs, address several security issues.
> The addressed security issues include fixes to the exif and fbsql
> extensions, as well as fixes to unserialize(), swf_definepoly() and
> getimagesize().

Perhaps in the future issues involving security fixes could include a bit
more detail so those of us running critical production environments can
make a determination of scope of the problem? Things like 'you must have
this extension enabled to be vulnerable' and 'vulnerability results in a
denial of service (or remote command execution, or local privilege
escalation, etc)' would be very useful for sysadmins.

--
--------------------------------------------------------------------
Tabor J. Wells twells@fsckit.net
Fsck It! Just another victim of the ambient morality