Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:72700 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 64387 invoked from network); 20 Feb 2014 10:04:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 20 Feb 2014 10:04:18 -0000 Authentication-Results: pb1.pair.com smtp.mail=tyra3l@gmail.com; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=tyra3l@gmail.com; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.216.179 as permitted sender) X-PHP-List-Original-Sender: tyra3l@gmail.com X-Host-Fingerprint: 209.85.216.179 mail-qc0-f179.google.com Received: from [209.85.216.179] ([209.85.216.179:51207] helo=mail-qc0-f179.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 88/D1-50585-023D5035 for ; Thu, 20 Feb 2014 05:04:16 -0500 Received: by mail-qc0-f179.google.com with SMTP id e16so2921833qcx.24 for ; Thu, 20 Feb 2014 02:04:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=fd+N1WV1txkwPwMALWW2vB7lmRHnl4O77ul0DH0S5Sw=; b=x95rYLA4NxYRClDIhXkgOrmgoUaU7KwUkB6SRRwF5wITCjPCpIqejtsnzmN4RJuJu5 GWY4CE83bdMQn4l7xlNJITpxCd2RqpClJCmUg1DQU3QyBidxLh466sfHvXLCfwLV1TH9 n67CVWZ986yMyhn6Hjo+b0/7+4yOrDTXb0+c4RX0WwJ77H+hLN+oDMYizrq5MBuDKiag o4IZv4kzo27XaBaHBvOhnseN9f4OjNhz29OM+WWDslYjwUD3idAgFcMheMc07dJW8ge8 vmn58IVjRGnvtVhSkLTdDhSQb+yFu2T7CHTzuxyy1kuLitBx+4QBDwH53OJjbF1juHq9 Ikkw== MIME-Version: 1.0 X-Received: by 10.224.172.4 with SMTP id j4mr446050qaz.85.1392890653591; Thu, 20 Feb 2014 02:04:13 -0800 (PST) Received: by 10.140.96.70 with HTTP; Thu, 20 Feb 2014 02:04:13 -0800 (PST) In-Reply-To: References: Date: Thu, 20 Feb 2014 11:04:13 +0100 Message-ID: To: Tjerk Meesters Cc: PHP Internals Content-Type: multipart/alternative; boundary=001a11c2fcca9e4d2d04f2d3a03a Subject: Re: [PHP-DEV] Re: private bug reports From: tyra3l@gmail.com (Ferenc Kovacs) --001a11c2fcca9e4d2d04f2d3a03a Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Thu, Feb 20, 2014 at 2:40 AM, Tjerk Meesters w= rote: > > > > On Wed, Feb 19, 2014 at 8:46 AM, Ferenc Kovacs wrote: > >> >> >> >> On Tue, Feb 18, 2014 at 8:43 PM, Tjerk Meesters > > wrote: >> >>> Hi, >>> >>> I was recently answering a question about null byte injection into PCRE >>> and >>> the OP claimed that a pattern such as "~.+~e\x00u" would be accepted; >>> they >>> were using 5.3. >>> >>> The commit that fixed it was this: >>> >>> https://github.com/php/php-src/commit/8b3c1a380a182655113b94b0b96551e98= d05a8d3 >>> >>> The corresponding (private) bug is: >>> https://bugs.php.net/bug.php?id=3D55856 >>> >>> My question is whether there's a defined "time out period" after which >>> those kind of sensitive bug reports are opened to the public; is it don= e >>> once we hit EOL for that branch? >>> >>> >>> -- >>> -- >>> Tjerk >>> >> >> AFAIK it should be opened after we have a release with the fix announced= , >> as there is no point in having a reference to a private bug in the relea= se >> announcement/Changelog. >> > > Thanks. If that's indeed the case, could someone please open the bug > report? :) > > I've opened it up, thanks for spotting it. --=20 Ferenc Kov=C3=A1cs @Tyr43l - http://tyrael.hu --001a11c2fcca9e4d2d04f2d3a03a--