Package: php5
Version: 5.3.9-1
Severity: minor
README.Debian.security contains:
Most specifically, the security team will not provide
support for flaws in:
- problems which are not flaws in the design of php but can be
problematic
when used by sloppy developers (for example: not checking the contents
of a tar file before extracting it, using unserialize() on
untrusted data, or relying on a specific value of short_open_tag).
Sloppy developers do not use problems, although crackers may.
This is unclear and I frankly wouldn't know how to reformulate besides:
- application code
But if that's what it means, then I don't think it's worth a mention at
this place.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
