[php-maint] Bug#658208: [pkg-php-maint] Bug#658208: [php5] README.Debian.security: "problems used by sloppy developers"

Ondřej Surý ondrej at debian.org
Wed Feb 8 18:33:50 UTC 2012


On Wed, Feb 8, 2012 at 18:03, Filipus Klutiero <chealer at gmail.com> wrote:
>> We provide some examples to illustrate that: putting untrusted data into
>> tar or unserialize functions without further checking may result in
>> adverse effects.
>
> I see. Could you please provide example CVEs, or the names of the specific
> relevant tar functions?

No, and there is no reason to do that.  It's not meant as a definitive list, but
a list of a few examples. I have run the current text[1] through our Debian L10N
English team and my opinion is that the text now accurately reflects PHP 5.4
security policy. You have never provided a consistent text that we can use and
that would make you happy (and yes, I have checked both bug reports and the only
thing you have suggested was that we delete the whole paragraph) and clearly
we cannot come to a reasonable consensus, also because you consistently pick
new things (like this email).

Thus I am stopping this discussion here.

1. http://anonscm.debian.org/gitweb/?p=pkg-php/php.git;a=blob;f=debian/README.Debian.security;hb=HEAD

-- 
Ondřej Surý <ondrej at sury.org>




