OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	11/10/2024 09:42:49 AM	rwxr-xr-x
📄 CODING_STANDARDS.gz	4.91 KB	10/22/2019 08:28:36 AM	rw-r--r--
📄 CREDITS	91 bytes	10/22/2019 08:28:42 AM	rw-r--r--
📄 EXTENSIONS.gz	2.5 KB	10/22/2019 08:28:36 AM	rw-r--r--
📄 NEWS.Debian.gz	473 bytes	04/25/2020 02:32:22 AM	rw-r--r--
📄 README.Debian.gz	3.17 KB	02/23/2023 01:29:25 PM	rw-r--r--
📄 README.Debian.security	1.08 KB	04/25/2020 02:32:22 AM	rw-r--r--
📄 README.EXT_SKEL.gz	3 KB	10/22/2019 08:28:36 AM	rw-r--r--
📄 README.SELF-CONTAINED-EXTENSIONS.gz	2.16 KB	10/22/2019 08:28:42 AM	rw-r--r--
📄 UPGRADING.INTERNALS	3.21 KB	10/22/2019 08:28:36 AM	rw-r--r--
📄 UPGRADING.gz	5.4 KB	10/22/2019 08:28:36 AM	rw-r--r--
📄 changelog.Debian.gz	2.69 KB	02/23/2023 01:29:25 PM	rw-r--r--
📄 copyright	33.53 KB	04/25/2020 02:40:05 AM	rw-r--r--
📄 test-results.txt.gz	362.79 KB	02/23/2023 01:29:25 PM	rw-r--r--

Editing: README.Debian.security

The Debian stable security team does not provide security support for
certain configurations known to be inherently insecure. This includes
the interpreter itself, extensions, and user scripts written in the PHP
language. Most specifically, but not exclusively, the security team will
not provide support for the following.

* Security issues which are caused by careless programming, such as:
   - extracting a tar file without first checking the contents;
   - using unserialize() on untrusted data;
   - relying on a specific value of short_open_tag.

* Vulnerabilities involving any kind of open_basedir violation, as
   this feature is not considered a security model either by us or by
   PHP upstream.

* Any "works as expected" vulnerabilities, such as "user can cause
   PHP to crash by writing a malicious PHP script", unless such
   vulnerabilities involve some kind of higher-level DoS or privilege
   escalation that would not otherwise be available.

PHP upstream has published a statement regarding their view on security
and the PHP interpreter:
http://www.php.net/security-note.php