[php-maint] Bug#609315: php5: Upstream bug CVE-2010-4645 / bug #53632, critical: conversion string>double might hang PHP interpreter

Jort Koopmans jort.koopmans at gmail.com
Sat Jan 8 13:26:50 UTC 2011


Package: php5
Version: 5.2.6.dfsg.1-1+lenny9
Severity: critical


From upstream: http://bugs.php.net/bug.php?id=53632
followed by release 5.3.5 and 5.2.17: 
http://www.php.net/archive/2011.php#id2011-01-06-1

Short description:

Conversions from string to double might cause the PHP interpreter to 
hang on systems using x87 FPU registers.

The problem is known to only affect x86 32-bit PHP processes, regardless 
of whether the system hosting PHP is 32-bit or 64-bit.


-- System Information:
Debian Release: 5.0.7
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages php5 depends on:
ii  libapache2-mod-php5           5.3.3-6    server-side, HTML-embedded scripti
ii  php5-common                   5.3.3-6    Common files for packages built fr

php5 recommends no packages.

php5 suggests no packages.

-- no debconf information




