Newsgroups: php.internals
Date: Tue, 1 Nov 2016 10:32:10 +0100
Subject: Re: [PHP-DEV] bug classification discussion
From: nikita.ppv@gmail.com (Nikita Popov)
To: Stanislav Malyshev
Cc: Anatol Belski, PHP Internals, Remi Collet

On Sun, Oct 30, 2016 at 6:21 AM, Stanislav Malyshev wrote:

> Hi!
>
> So I wrote a first version of the document Anatol mentioned:
>
> https://wiki.php.net/security
>
> Please comment. Fixes to the grammar and typos are especially welcome
> (you can just do them in the wiki without asking :)
>

It would be nice to add specific examples (e.g. the string overflow case to low).

I'm also wondering under which category unserialize() issues would (usually) fall. I'd assume "low" (because requires documented insecure code + well known class of vulnerabilities).

Nikita