We are on day 5 of the Month of PHP Bugs, meanwhile details for 11 Vulnerabilities were disclosed, including 2 Bonus vulnerabilities covering local root vulnerabilities in the Zend Platform.

He mentions that, on the whole, the reaction has been positive, with those few out there that have their own thoughts on the bugs (such as one issues causing two bugs or that other bugs aren't viable because they're not included in a released version of PHP).

You might have realised it already. March 2007 has begun and so has the long awaited Month of PHP Bugs. The initiative is hosted on dedicated servers, because serendipity cannot handle the traffic. You can reach it at http://www.php-security.org.

As of the time of this post, there are currently three bugs posted - two dealing with stack overflows (one in the variable destructor and one in the executor) and a overflow issue in the ZVAL reference counter. Detailed descriptions of the issues are just a click away and, where is it needed, an explain example is provided.