[php-maint] Bug#752366: Bug#752366: php5: Memory leak in FTPS functions results in denial of service
Ondřej Surý
ondrej at sury.org
Mon Jun 23 08:12:55 UTC 2014
Hi Ryan,
thanks for reporting the issue. We have an update queue in
stable-proposed-updates
right now with a bunch of upstream fixes that needs to be processed
first, so we don't
pile updates over updates.
But I will merge fix for your issue into next s-p-u update, ok?
Thanks,
Ondrej
On Mon, Jun 23, 2014, at 04:56, Ryan Underwood wrote:
> Package: php5
> Version: 5.4.4-14+deb7u11
> Severity: important
>
> php5 stable version has a gaping memory leak in SSL handling which was
> fixed
> upstream.
>
> http://git.php.net/?p=php-src.git;a=commitdiff;h=0863a0d6a0f740874b4ef8dc732a4ec94949470c
>
> Without this patch, a process which makes repeated FTP-SSL connections
> will
> eventually consume all resources of the server, not limited by PHP's own
> memory_limit.
>
> -- System Information:
> Debian Release: 7.5
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: i386 (i686)
>
> Kernel: Linux 3.14-0.bpo.1-686-pae (SMP w/1 CPU core)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages php5 depends on:
> ii libapache2-mod-php5 5.4.4-14+deb7u11
> ii php5-common 5.4.4-14+deb7u11
>
> php5 recommends no packages.
>
> php5 suggests no packages.
>
> -- no debconf information
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
More information about the pkg-php-maint
mailing list