Newsgroups: php.internals
Message-ID: <464EB35E.5020109@zend.com>
Date: Sat, 19 May 2007 01:20:46 -0700
From: stas@zend.com (Stanislav Malyshev)
Organization: Zend Technologies
To: Stefan Esser
CC: internals@lists.php.net
In-Reply-To: <464EAEB4.6010402@hardened-php.net>
Subject: Re: [PHP-DEV] potential solution to user streams + allow_url_include=off

> Ohh BTW. I am aware of many security problems in current PHP, actually
> the whole world
> is, because there are still a lot of "local" vulnerabilities unfixed

We seem to be in a disagreement about what a security vulnerability is.
However, it is not very important since bugs are to be fixed anyway. I
am aware of one issue still unfixed - listed as #27 and #28. There are
also #1 and #2 which cannot be fixed right now. Are there any others?

> that were disclosed during
> the MOPB. The ext/filter email issue is also not fixed in 5.2.2

I was talking about current code. Barring the possibility of time
travel, there's no way to fix anything in 5.2.2 now, so discussing it is
kinda pointless.

> And yes I know a bunch of bugs in PHP that were not disclosed during the
> MOPB.

And you do not report them because?

> But what sense does it make to release them now, while a bunch of MOPB bugs
> are not yet fixed or were marked as fixed in the release notes of 5.2.2
> but were not actually fixed.

Those being?

--
Stanislav Malyshev, Zend Products Engineer
stas@zend.com http://www.zend.com/