[php-maint] Bug#658208: Bug#658208: [php5] README.Debian.security: "problems used by sloppy developers"
Thijs Kinkhorst
thijs at debian.org
Thu Feb 2 09:13:36 UTC 2012
On Wed, February 1, 2012 01:53, Filipus Klutiero wrote:
> Package: php5
> Version: 5.3.9-1
> Severity: minor
>
> README.Debian.security contains:
>
>> Most specifically, the security team will not provide
>> support for flaws in:
>>
>> - problems which are not flaws in the design of php but can be
>> problematic when used by sloppy developers (for example: not checking
>> the contents of a tar file before extracting it, using unserialize() on
>> untrusted data, or relying on a specific value of short_open_tag).
>
> Sloppy developers do not use problems, although crackers may.
> This is unclear and I frankly wouldn't know how to reformulate besides:
>> - application code
> But if that's what it means, then I don't think it's worth a mention at
> this place.
I've changed it to read:
- functionality which is not flawed in the design of PHP but can be
problematic when used by sloppy developers (for example: not
Thijs