On 2012-02-02 04:13, Thijs Kinkhorst wrote:
> On Wed, February 1, 2012 01:53, Filipus Klutiero wrote:
>> Package: php5
>> Version: 5.3.9-1
>> Severity: minor
>>
>> README.Debian.security contains:
>>
>> Most specifically, the security team will not provide
>> support for flaws in:
>> - problems which are not flaws in the design of php but can be
>> problematic when used by sloppy developers (for example: not
>> checking the contents of a tar file before extracting it, using
>> unserialize() on untrusted data, or relying on a specific value
>> of short_open_tag).
>>
>> Sloppy developers do not use problems, although crackers may.
>> This is unclear and I frankly wouldn't know how to reformulate besides:
>> - application code
>>
>> But if that's what it means, then I don't think it's worth a mention at
>> this place.
>
> I've changed it to read:
> - functionality which is not flawed in the design of PHP but can be
> problematic when used by sloppy developers (for example: not

Thanks Thijs. I guess that solves the problem described, but I don't
think the new version is more sensical.
Security support will not be provided for flaws in functionality which is not
flawed in the design of PHP but can be problematic when used by sloppy
developers.
That would leave the question, where is PHP functionality flawed if it
is not in PHP's design?