Hi Stefan, On 1/11/07, Stefan Esser <[EMAIL PROTECTED]> wrote:
> For your information, zip is not enabled by default. If you have a > bug/issue about the specific zip:// URL, please let me know. Ilia and > Tony already fixed some paths fixes and the fixes are available in > zip-1.8.4. They will be in 5.2.1. For your information Pierre: Security Bugs in PHP are usually found by me. So guess twice WHO told [EMAIL PROTECTED] that there are bufferoverflows in zip:// URLs and WHY there have been bugfixes to ext/zip.
No idea who posted them or if someone posted something about zip. As you know I have no access to security@ and so far all I see are commits in my packages without much explanations. Not like I do not want you or anyone else to help or to do not give you the credits. But I did not know that someone else reported the issues, I apologize for that.
BTW: Last time I checked, popular packages like dotdeb PHP activate ext/zip by default... And yes... Also prepare for the ***more than 30 vulnerabilities*** I disclosed to [EMAIL PROTECTED] during the last 3 weeks.
Nice, better later than never. Remember my numerous requests in the last months *BEFORE* the stable release (and you were still a PHP Securtiy member)?
Have fun...
I have fun anyway, if not I will not bother to discuss that here. --Pierre -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
