[php-maint] Bug#658208: [php5] README.Debian.security: "problems used by sloppy developers"
Filipus Klutiero
chealer at gmail.com
Wed Feb 1 00:53:13 UTC 2012
Package: php5
Version: 5.3.9-1
Severity: minor
README.Debian.security contains:
> Most specifically, the security team will not provide
> support for flaws in:
>
> - problems which are not flaws in the design of php but can be
>   problematic when used by sloppy developers (for example: not
>   checking the contents of a tar file before extracting it, using
>   unserialize() on untrusted data, or relying on a specific value of
>   short_open_tag).
Sloppy developers do not use problems, although crackers may.
This is unclear and I frankly wouldn't know how to reformulate besides:
> - application code
But if that's what it means, then I don't think it's worth a mention at
this place.