Month of PHP Bugs

[xDamox]

A Month of PHP Bugs started March:

 

This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core. During March 2007 old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team.

 

[/url][url=http://www.php-security.org/]http://www.php-security.org/

 

The bugs come with a POC (Proof of Concept)

[hybrid]

Eeek. :/

 

Hope the bugs aren't too bad. I'm responsible for a few websites than run PHP (though thankfully not upgrading it and managing the server), so I hope things aren't too bad!

 

A Month of PHP Bugs started March: 

<blockquote data-ipsquote="" class="ipsQuote" data-ipsquote-contentapp="forums" data-ipsquote-contenttype="forums" data-ipsquote-contentid="2811" data-ipsquote-contentclass="forums_Topic"><div>This initiative is an effort to improve the security of PHP. However we will not concentrate on problems in the PHP language that might result in insecure PHP applications, but on security vulnerabilities in the PHP core. During March 2007 old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis. We will also point out necessary changes in the current vulnerability management process used by the PHP Security Response Team.

 

[/url][url=http://www.php-security.org/]http://www.php-security.org/

 

The bugs come with a POC (Proof of Concept)



</div></blockquote>

[znx]

Thanks for pointing me to this, its a bit of a shame that he had to release it in this manner. You'd think the PHP crew would be more interested in pushing the patches downstream than just fixing in CVS and ignoring.

 

Oh well!