[php-maint] Bug#609315: php5: Upstream bug CVE-2010-4645 / bug #53632, critical: conversion string>double might hang PHP interpreter

Julien Cristau jcristau at debian.org
Sat Jan 8 17:21:55 UTC 2011

On Sat, Jan  8, 2011 at 17:51:43 +0100, Jort Koopmans wrote:

> On Sat, 2011-01-08 at 16:31 +0100, Julien Cristau wrote:
> [..]
> > Did you actually reproduce this with php 5.2.6.dfsg.1-1+lenny9?  AFAIK
> > people tried and couldn't.
> As mentioned in my update I couldnt reproduce it, but the 64bit build of
> php5 seems unaffected, so maybe users with a 32bit install should test
> it? If I understand the upstream buginfo correctly, both lenny and
> squeeze current releases (32bit) should be vulnerable to this bug. I'd
> recommend getting in touch with the people from PHP (Pajoye).
As I said, people tested and couldn't reproduce the issue on 32bit

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20110108/5b55230c/attachment-0001.pgp>

More information about the pkg-php-maint mailing list