When we backport security fixes, we: For most products, our default practice is to backport security fixes, but we do sometimes provide version updates for some packages after careful testing and analysis.
These are likely to be packages that have no interaction with others, or those used by an end-user, such as web browsers and instant messaging clients.
The sync adapter calls to update the security provider.
If the method returns normally, the sync adapter knows the security provider is up-to-date.
For example, here's an implementation of a sync adapter that updates the security provider.
Since a sync adapter runs in the background, it's okay if the thread blocks while waiting for the security provider to be updated.
However, on October 14, 2014, a buffer overflow flaw CVE-2014-3670, rated as Important, has been discovered in all versions of PHP that could allow a remote attacker to crash a PHP application or, possibly, execute arbitrary code with the privileges of the user running that PHP application.