Am 07.06.2013 01:58, schrieb Stas Malyshev:
Hello!
The PHP development team announces the immediate availability of PHP
5.4.16 and PHP 5.3.26. These releases fix about 15 bugs, including
CVE-2013-2110. All users of PHP are encouraged to upgrade to PHP 5.4.16.
PHP 5.3.26 is recommended for those wishing to remain on the 5.3 series.
Is there a way to access the content of the relevant bug report here?
https://bugs.php.net/bug.php?id=64879 Who is allowed to see these
private reports?
Greetings,
Pierre
--
Pierre Schmitz, https://pierre-schmitz.com
Am 07.06.2013 01:58, schrieb Stas Malyshev:
Hello!
The PHP development team announces the immediate availability of PHP
5.4.16 and PHP 5.3.26. These releases fix about 15 bugs, including
CVE-2013-2110. All users of PHP are encouraged to upgrade to PHP 5.4.16.
PHP 5.3.26 is recommended for those wishing to remain on the 5.3 series.Is there a way to access the content of the relevant bug report here?
https://bugs.php.net/bug.php?id=64879 Who is allowed to see these
private reports?
private bugs can be only accessed by the php security team and some
security people from vendors:
http://git.php.net/?p=web/bugs.git;a=blob;f=include/trusted-devs.php
I think that private bugs like that should be made public after the fixed
version release, just like others do the same:
https://bugzilla.redhat.com/show_bug.cgi?id=964969
usually searching for a CVE number on google works (after the fix is
released).
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu