How critical does a bug need to be to warrant a new PHP release (like
5.1.5)? Are there specific criteria already laid out?
Security issues or critical bugs (for example segfaults or huge leaks
not managed by the memory manager). Ilia will certainly complete this
list :-)
--Pierre
What if it requires a PHP script flaw also (like calling a method from
an object that doesn't exist)? I can shut down many a site that have
5.1.4 if I can find some input to expose a script flaw like that, if
their setup is similar to mine (which I think is common). Damn search
engine came across such a bug of mine on a test site and shut it down.
Killed a couple others it wasn't searching because of it also.
Accidental DOS! Oh the joy...
:(
Oh well, 5.1.2 works fine for now.
Would you care to elaborate? Maybe a sample script that exhibits this
behaviour?
Jasper
Actually, please don't. If it's as serious as you make it out to be, we'll
want to produce a fix and roll a release before the details get to any black
hats.
Please send your summary to group@php.net
-Sara
- or security@php.net -
or both :)
----- Original Message -----
From: "Sara Golemon" pollita@php.net
To: "steve" iamstever@gmail.com
Cc: "Jasper Bryant-Greene" jasper@album.co.nz; internals@lists.php.net
Sent: Friday, May 26, 2006 6:02 AM
Subject: Re: [PHP-DEV] How critical does a bug need to be to warrant a new PHP release (like 5.1.5)?