On Wed, Feb 8, 2012 at 18:03, Filipus Klutiero <chea...@gmail.com> wrote:
>> We provide some examples to illustrate that: putting untrusted data into
>> tar or unserialize functions without further checking may result in
>> adverse effects.
>
> I see. Could you please provide example CVEs, or the names of the specific
> relevant tar functions?

No, and there is no reason to do that. It's not meant as a definitive list, but a list of a few examples.

I have run the current text[1] through our Debian L10N English team and my opinion is that the text now accurately reflects the PHP 5.4 security policy.

You have never provided a consistent text that we can use and that would make you happy (and yes, I have checked both bug reports and the only thing you have suggested was that we delete the whole paragraph) and clearly we cannot come to a reasonable consensus, also because you consistently pick new things (like this email).

Thus I am stopping this discussion here.

1. http://anonscm.debian.org/gitweb/?p=pkg-php/php.git;a=blob;f=debian/README.Debian.security;hb=HEAD

--
Ondřej Surý <ond...@sury.org>