Message-ID: <email address hidden>
Date: Sun, 09 Jan 2005 13:00:15 +0100
From: Florian Weimer <email address hidden>
To: Martin Schulze <email address hidden>
Cc: Pekka Savola <email address hidden>, <email address hidden>, <email address hidden>
Subject: Re: A backport of PHP fixes for 4.1.2
* Martin Schulze:
>> Huh? What about safe_mode? Does CVE officially declare safe_mode as
>> fundamentally insecure?
>
> Yes (except that it's not CVE who declared but vendor-sec).
Okay, this actually good news.
Shall I write a draft DSA and some documentation patches? Some of our
users rely on this feature and are not aware of its defects.
Message-ID: <email address hidden>
Date: Sun, 09 Jan 2005 13:00:15 +0100
From: Florian Weimer <email address hidden>
To: Martin Schulze <email address hidden>
Cc: Pekka Savola <email address hidden>, <email address hidden>, <email address hidden>
Subject: Re: A backport of PHP fixes for 4.1.2
* Martin Schulze:
>> Huh? What about safe_mode? Does CVE officially declare safe_mode as
>> fundamentally insecure?
>
> Yes (except that it's not CVE who declared but vendor-sec).
Okay, this actually good news.
Shall I write a draft DSA and some documentation patches? Some of our
users rely on this feature and are not aware of its defects.