Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:57667
Return-Path: <tyra3l@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 25021 invoked from network); 3 Feb 2012 21:52:08 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 3 Feb 2012 21:52:08 -0000
Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.49 as permitted sender)
X-PHP-List-Original-Sender: tyra3l@gmail.com
X-Host-Fingerprint: 209.85.216.49 mail-qw0-f49.google.com  
Received: from [209.85.216.49] ([209.85.216.49:34630] helo=mail-qw0-f49.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 37/42-08838-5075C2F4 for <internals@lists.php.net>; Fri, 03 Feb 2012 16:52:06 -0500
Received: by qadc14 with SMTP id c14so2831345qad.8
        for <internals@lists.php.net>; Fri, 03 Feb 2012 13:52:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=2/oHOeeQ2Ikx5cLZCTVxlHVrhy48CZSUQax9bMX6/os=;
        b=Aqj2TdKfyCI3tyo/q6bN16aNtt0ZDfUanxulXy53eu9F1z6hybFyrq92ehFzh+LlcV
         Dyq37DDDjTj8vjKRcUo/LorvGIkloWpdp9kJpyPFiFl+pMtJNB4VvAdg1oueqsII8Dku
         H10C5SqVJgfOmlZxJmXHChBTqUr+UfXCmNTXg=
MIME-Version: 1.0
Received: by 10.224.187.145 with SMTP id cw17mr10827300qab.37.1328305922554;
 Fri, 03 Feb 2012 13:52:02 -0800 (PST)
Received: by 10.229.235.137 with HTTP; Fri, 3 Feb 2012 13:52:02 -0800 (PST)
In-Reply-To: <4F2C5388.4030306@thelounge.net>
References: <D5EC076D-8518-4CDC-913F-5A3F3BB97367@sektioneins.de>
	<op.v83qfyebidpuyk@slws007.slhq.int>
	<op.v83vw0bcidpuyk@slws007.slhq.int>
	<4F2C4743.8070609@gmail.com>
	<4F2C5388.4030306@thelounge.net>
Date: Fri, 3 Feb 2012 22:52:02 +0100
Message-ID: <CAH-PCH6W76uv+AMQQPC2gxORFaRW1Nnd4U6VSjcJzRFJCxe2kA@mail.gmail.com>
To: Reindl Harald <h.reindl@thelounge.net>
Cc: internals@lists.php.net
Content-Type: multipart/alternative; boundary=20cf30363ed3aabcc904b816529f
Subject: Re: [PHP-DEV] The case of HTTP response splitting protection in PHP
From: tyra3l@gmail.com (Ferenc Kovacs)

--20cf30363ed3aabcc904b816529f
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Fri, Feb 3, 2012 at 10:37 PM, Reindl Harald <h.reindl@thelounge.net>wrot=
e:

>
>
> Am 03.02.2012 21:44, schrieb =C3=81ngel Gonz=C3=A1lez:
> >> If you or anyone else find any problem, please report a bug; otherwise
> >> I'll merge to 5.3 and 5.4 once 5.4 is out of code freeze.
> >>
> > As it's a security patch and of small scope, I would consider it for
> > 5.4. Stas, David?
>
> as it is SECURITY relevant it has to be considered NOW meaning 5.3 and no=
t
> sometimes in the future!
>
>
of course it will be included in 5.3
5.4 was only mentioned explicitly, because it is under commit freeze and
only commits approved by the RMs allowed to be included.
in this case I think they will approve this obviously.


--=20
Ferenc Kov=C3=A1cs
@Tyr43l - http://tyrael.hu

--20cf30363ed3aabcc904b816529f--