On Thu, Mar 31, 2005 at 04:50:22PM -0500, Ilia Alshanetsky <[EMAIL PROTECTED]> is thought to have said:
> The PHP Development Team would like to announce the immediate release of > PHP 4.3.11 and 5.0.4. These are maintenance releases that in addition > to fixing over 70 non-critical bugs, address several security issues. > The addressed security issues include fixes to the exif and fbsql > extensions, as well as fixes to unserialize(), swf_definepoly() and > getimagesize(). Perhaps in the future issues involving security fixes could include a bit more detail so those of us running critical production environments can make a determination of scope of the problem? Things like 'you must have this extension enabled to be vulnerable' and 'vulnerability results in a denial of service (or remote command execution, or local privilege escalation, etc)' would be very useful for sysadmins. -- -------------------------------------------------------------------- Tabor J. Wells [EMAIL PROTECTED] Fsck It! Just another victim of the ambient morality -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
