Stefan Esser, widely regarded as an authority on PHP security issues, plans to make daily disclosures on buffer overflows, double free vulnerabilities and trivial bypass bugs in PHP’s protection features as part of a wider goal “to make people and especially the PHP developers aware that bugs in PHP exist.”
Some of these bugs have already been addressed in PHP 5.2.1. Others are fixed by the Suhosin patches and extensions from Stefan Esser, which are freely downloadable here. Others hopefully will be addressed in the very near future by the PHP development team.
To find out more about this initiative, visit the PHP Security website.