[php-maint] Bug#783099: php5: Fileinfo on specific file causes spurious OOM and/or segfault
Christoph Biedl
debian.axhn at manchmal.in-ulm.de
Fri Apr 24 08:35:33 UTC 2015
Henri Salo wrote...
> I reported this issue to Debian BTS to notify package maintainers and in the
> long run trying to get security issues fixed. Maintainers are not always
> following security issues in upstream and so on (not saying this about PHP). I
This is appreciated but a short report about what has been done so far
helps the maintainer to organize the next steps. Even if it's just an
"I didn't take a closer look so it might be a non-issue".
> verified that the segfault condition occurred and did not do more detailed
> analysis of the issue. If there is no security issue in PHP with the poc we can
> close this bug.
The crucial question is: Did you verify this in php5 or in file?
Repeating myself another time, just in other words:
* php5 certainly is affected.
* file: I cannot see be that. Neither from the source code nor from
the reproducers that segfault php.
However, I can be convinced otherwise. Just provide a reproducer.
Christoph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20150424/adacc780/attachment.sig>
More information about the pkg-php-maint
mailing list