On 10.07.2010 23:52, Rasmus Lerdorf wrote:
> On 7/10/10 2:32 PM, Reindl Harald wrote:
>> Why are there no point releases for security bugs?
>>
>> The changelog from 5.3.2 to 5.3.3 RCx shows many
>> security releases which are well known in the meantime
>>
>> It's VERY bad to schedule them always only with
>> the normal bugfixes and also on production servers
>> it cannot be recommended to backport them by the admin
>>
>> So why is there no 5.3.2.1 which only fixes them?
>
> None of the security issues are serious remotely exploitable ones. They
> are all local.

Which is enough on shared hosting, because there are many ways to trigger local exploits. If there is ANY eval injection in a script unknown to the admin, you have a full remote exploit.