[php-maint] Bug#609315: php5: Upstream bug CVE-2010-4645 / bug #53632, critical: conversion string>double might hang PHP interpreter
jort.koopmans at gmail.com
Sat Jan 8 16:51:43 UTC 2011
On Sat, 2011-01-08 at 16:31 +0100, Julien Cristau wrote:
> Did you actually reproduce this with php 5.2.6.dfsg.1-1+lenny9? AFAIK
> people tried and couldn't.
As mentioned in my update, I couldn't reproduce it, but the 64bit build of
php5 seems unaffected, so maybe users with a 32bit install should test
it? If I understand the upstream buginfo correctly, both lenny and
squeeze current releases (32bit) should be vulnerable to this bug. I'd
recommend getting in touch with the people from PHP (Pajoye).