[PHP-DEV] Re: [PHP-QA] Re: [PHP-DEV] Re: [PHP-CVS] cvs: php4(PHP_4_0_5) /sapi/fastcgi
From: Andi Gutmans (andi <email protected>)
Date: 03/21/01

A couple of these were buffer overflows IIRC which were security issues.
Remember the group@ emails about those?
Andi

At 07:17 PM 3/21/2001 +0100, Sascha Schumann wrote:
> > I think most (probably not all) pl's were sparked due to security bugs
> > which were found and we took the opportunity to add another couple of
> > important fixes. Those kinds of pl's would not have been prevented by any
> > Great Plan.
>
> If I remember correctly, 4.0.4pl1 was the only release
> which also happened to include security-related changes
> beside important bug fixes.
>
> Here is a quick summary.
>
> 4.0.4pl1, two weeks after 4.0.4
> - broken user function calls affects modules like XML and
> Session, broken Apache Config
>
> 4.0.3pl1, three days after 4.0.3
> - broken Apache Config handling
>
> 4.0.1pl2, two days after 4.0.1
> - broken error_reporting() and readdir()
>
> 4.0b4pl1, one day after 4.0b4
> - magic_quotes crash
>
> - Sascha Experience IRCG
> http://schumann.cx/ http://schumann.cx/ircg

-- 
PHP Development Mailing List <http://www.php.net/>