Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:23684
Return-Path: <pollita@php.net>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 29696 invoked by uid 1010); 26 May 2006 04:02:20 -0000
Delivered-To: ezmlm-scan-internals@lists.php.net
Delivered-To: ezmlm-internals@lists.php.net
Received: (qmail 29681 invoked from network); 26 May 2006 04:02:20 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 26 May 2006 04:02:20 -0000
X-PHP-List-Original-Sender: pollita@php.net
X-Host-Fingerprint: 69.12.155.130 69-12-155-130.dsl.static.sonic.net Linux 2.4/2.6
Received: from ([69.12.155.130:3988] helo=pigeon.alphaweb.net)
	by pb1.pair.com (ecelerity 2.0 beta r(6323M)) with SMTP
	id F2/EB-17316-BCD76744 for <internals@lists.php.net>; Fri, 26 May 2006 00:02:19 -0400
Received: from localhost ([127.0.0.1] helo=OHRLVN4523SG)
	by pigeon.alphaweb.net with smtp (Exim 4.10)
	id 1FjSs9-0007Kh-00; Thu, 25 May 2006 20:20:21 -0700
Message-ID: <001801c68079$29d1c7d0$88051fac@OHRLVN4523SG>
To: "steve" <iamstever@gmail.com>
Cc: "Jasper Bryant-Greene" <jasper@album.co.nz>,
	<internals@lists.php.net>
References: <57792e850605251928l18e540b4w53562ca12e733f55@mail.gmail.com>	<fe05d1540605251937x3675a8bcoe346e14fb1082e9e@mail.gmail.com> <57792e850605251954x5e091fc6td14ae06a9129b1ba@mail.gmail.com> <44767083.7000206@album.co.nz>
Date: Thu, 25 May 2006 21:02:10 -0700
MIME-Version: 1.0
Content-Type: text/plain;
	format=flowed;
	charset="UTF-8";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Subject: Re: [PHP-DEV] How critical does a bug need to be to warrant a newPHP release (like 5.1.5)?
From: pollita@php.net ("Sara Golemon")

>> What if it requires a PHP script flaw also (like calling a method from
>> an object that doesn't exist)? I can shut down many a site that have
>> 5.1.4 if I can find some input to expose a script flaw like that, if
>> their setup is similar to mine (which I think is common). Damn search
>> engine came across such a bug of mine on a test site and shut it down.
>> Killed a couple others it wasn't searching because of it also.
>> Accidental DOS! Oh the joy...
>>
> Would you care to elaborate? Maybe a sample script that exhibits this
> behaviour?
>
Actually, please don't.  If it's as serious as you make it out to be, we'll 
want to produce a fix and roll a release before the details get to any black 
hats.

Please send your summary to group@php.net

-Sara