Newsgroups: php.internals
Message-ID: <0bb301c68081$faecb070$6602a8c0@foxbox>
Reply-To: "Steph Fox"
To: "Sara Golemon", "steve"
Cc: "Jasper Bryant-Greene"
Date: Fri, 26 May 2006 07:05:15 +0200
Subject: Re: [PHP-DEV] How critical does a bug need to be to warrant a new PHP release (like 5.1.5)?
From: steph@zend.com ("Steph Fox")

- or security@php.net - or both :)

----- Original Message -----
From: "Sara Golemon"
To: "steve"
Cc: "Jasper Bryant-Greene"
Sent: Friday, May 26, 2006 6:02 AM
Subject: Re: [PHP-DEV] How critical does a bug need to be to warrant a new PHP release (like 5.1.5)?

>>> What if it requires a PHP script flaw also (like calling a method from
>>> an object that doesn't exist)? I can shut down many a site that have
>>> 5.1.4 if I can find some input to expose a script flaw like that, if
>>> their setup is similar to mine (which I think is common). Damn search
>>> engine came across such a bug of mine on a test site and shut it down.
>>> Killed a couple others it wasn't searching because of it also.
>>> Accidental DOS! Oh the joy...
>>>
>> Would you care to elaborate? Maybe a sample script that exhibits this
>> behaviour?
>>
> Actually, please don't. If it's as serious as you make it out to be,
> we'll want to produce a fix and roll a release before the details get to
> any black hats.
>
> Please send your summary to group@php.net
>
> -Sara
> --
> PHP Internals - PHP Runtime Development Mailing List
> To unsubscribe, visit: http://www.php.net/unsub.php