Re: Re: private bug reports
On Thu, Feb 20, 2014 at 2:40 AM, Tjerk Meesters <[email protected]> wrote:
>
>
>
> On Wed, Feb 19, 2014 at 8:46 AM, Ferenc Kovacs <[email protected]> wrote:
>
>>
>>
>>
>> On Tue, Feb 18, 2014 at 8:43 PM, Tjerk Meesters <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I was recently answering a question about null byte injection into PCRE and
>>> the OP claimed that a pattern such as "~.+~e\x00u" would be accepted; they
>>> were using 5.3.
>>>
>>> The commit that fixed it was this:
>>>
>>> https://github.com/php/php-src/commit/8b3c1a380a182655113b94b0b96551e98d05a8d3
>>>
>>> The corresponding (private) bug is:
>>> https://bugs.php.net/bug.php?id=55856
>>>
>>> My question is whether there's a defined "time out period" after which
>>> those kinds of sensitive bug reports are opened to the public; is it done
>>> once we hit EOL for that branch?
>>>
>>>
>>> --
>>> Tjerk
>>>
>>
>> AFAIK it should be opened after we have a release with the fix announced,
>> as there is no point in having a reference to a private bug in the release
>> announcement/Changelog.
>>
>
> Thanks. If that's indeed the case, could someone please open the bug
> report? :)
>
>
I've opened it up, thanks for spotting it.
--
Ferenc Kovács
@Tyr43l - http://tyrael.hu