Re: PHP 5.4.16 and PHP 5.3.26 released!
On Fri, Jun 7, 2013 at 6:34 AM, Pierre Schmitz <[email protected]> wrote:
> Am 07.06.2013 01:58, schrieb Stas Malyshev:
> > Hello!
> >
> > The PHP development team announces the immediate availability of PHP
> > 5.4.16 and PHP 5.3.26. These releases fix about 15 bugs, including
> > CVE-2013-2110. All users of PHP are encouraged to upgrade to PHP 5.4.16..
> > PHP 5.3.26 is recommended for those wishing to remain on the 5.3 series..
>
> Is there a way to access the content of the relevant bug report here?
> https://bugs.php.net/bug.php?id=64879 Who
> is allowed to see these
> private reports?
>
>
private bugs can be only accessed by the php security team and some
security people from vendors:
http://git.php.net/?p=web/bugs.git;a=blob;f=include/trusted-devs.php
I think that private bugs like that should be made public after the fixed
version release, just like others do the same:
https://bugzilla.redhat.com/show_bug.cgi?id=964969
usually searching for a CVE number on google works (after the fix is
released).
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu
Thread (7 messages)