[php-maint] Bug#752366: Bug#752366: php5: Memory leak in FTPS functions results in denial of service
Ondřej Surý
ondrej at sury.org
Mon Jul 21 09:57:04 UTC 2014
Control: tags -1 + pending
Yes, see:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754275
O.
On Mon, Jul 21, 2014, at 06:12, Ryan C. Underwood wrote:
>
> Hi,
>
> A new php5-5.4.4-14+deb7u12 was released without this fix. Would the
> fix be included in the next stable/updates version then?
>
> Ryan
>
> On Mon, Jun 23, 2014 at 10:12:55AM +0200, Ondřej Surý wrote:
> > Hi Ryan,
> >
> > thanks for reporting the issue. We have an update queue in
> > stable-proposed-updates
> > right now with a bunch of upstream fixes that needs to be processed
> > first, so we don't
> > pile updates over updates.
> >
> > But I will merge fix for your issue into next s-p-u update, ok?
> >
> > Thanks,
> > Ondrej
> >
> > On Mon, Jun 23, 2014, at 04:56, Ryan Underwood wrote:
> > > Package: php5
> > > Version: 5.4.4-14+deb7u11
> > > Severity: important
> > >
> > > php5 stable version has a gaping memory leak in SSL handling which was
> > > fixed
> > > upstream.
> > >
> > > http://git.php.net/?p=php-src.git;a=commitdiff;h=0863a0d6a0f740874b4ef8dc732a4ec94949470c
> > >
> > > Without this patch, a process which makes repeated FTP-SSL connections
> > > will
> > > eventually consume all resources of the server, not limited by PHP's own
> > > memory_limit.
> > >
> > > -- System Information:
> > > Debian Release: 7.5
> > > APT prefers stable-updates
> > > APT policy: (500, 'stable-updates'), (500, 'stable')
> > > Architecture: i386 (i686)
> > >
> > > Kernel: Linux 3.14-0.bpo.1-686-pae (SMP w/1 CPU core)
> > > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> > > Shell: /bin/sh linked to /bin/bash
> > >
> > > Versions of packages php5 depends on:
> > > ii libapache2-mod-php5 5.4.4-14+deb7u11
> > > ii php5-common 5.4.4-14+deb7u11
> > >
> > > php5 recommends no packages.
> > >
> > > php5 suggests no packages.
> > >
> > > -- no debconf information
> > >
> > > _______________________________________________
> > > pkg-php-maint mailing list
> > > pkg-php-maint at lists.alioth.debian.org
> > > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
> >
> >
> > --
> > Ondřej Surý <ondrej at sury.org>
> > Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
> >
>
> --
> Ryan C. Underwood, <nemesis at icequake.net>
> Email had 1 attachment:
> + signature.asc
> 1k (application/pgp-signature)
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
More information about the pkg-php-maint
mailing list