FAQ
hey all,


a quick introduction: i'm one of the folks maintaining the debian
php4/php5 packages. we're currently on the cusp of cutting a new stable
release "etch" (funny, i'd *swear* we've been saying that since
december...), which will include the second-to-most-recent releases of
4.4.x and 5.2.x with the security fixes from the most recent releases
backported.

my first question: do you have a designated person/list for security
related issues? it looks like i ended up becoming "point guy" for
tackling the various security issues that come up from time to time, and
it'd be nice if we could establish some lines of communication.
specifically it would be nice to have someone to contact when a new
vulnerability is reported who could point me at the relevant
files/changesets for specific fixes so i don't have to spend an evening
digging through CVS logs :)

as i mentioned, the latest version of php5 in etch includes a bunch of
fixes backported from the 5.2.1 release, but i believe that there are
good number of the mopb issues that either were not fixed in 5.2.1 or
were fixed but not backported by us. i'll probably start sending emails
here (or to whoever steps up as a contact point) with questions in the
near future for some of them. however, most pressing is mopb #44:

http://php-security.org/MOPB/MOPB-44-2007.html

the (long) cast mm bug. i think i've found the relevant fix, but i
could use a verification from someone here as a quick sanity check:

http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.144.2.3.2.27&r2=1.144.2.3.2.28&view=patch

is that it?


thanks,

sean

ps - as per the list guidelines i'm not digitally signing this email
with my pgp/gpg key. but if you need it, my keyid is 0x6e76d81d.

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupphp-internals @
categoriesphp
postedApr 3, '07 at 10:33p
activeApr 3, '07 at 10:41p
posts2
users2
websitephp.net

2 users in discussion

Stanislav Malyshev: 1 post Sean finney: 1 post

People

Translate

site design / logo © 2022 Grokbase