[php-maint] Bug#609315: php5: Upstream bug CVE-2010-4645 / bug #53632, critical: conversion string>double might hang PHP interpreter
Jort Koopmans
jort.koopmans at gmail.com
Sat Jan 8 16:51:43 UTC 2011
On Sat, 2011-01-08 at 16:31 +0100, Julien Cristau wrote:
[..]
> Did you actually reproduce this with php 5.2.6.dfsg.1-1+lenny9? AFAIK
> people tried and couldn't.
As mentioned in my update I couldnt reproduce it, but the 64bit build of
php5 seems unaffected, so maybe users with a 32bit install should test
it? If I understand the upstream buginfo correctly, both lenny and
squeeze current releases (32bit) should be vulnerable to this bug. I'd
recommend getting in touch with the people from PHP (Pajoye).
Cheers,
Jort
More information about the pkg-php-maint
mailing list