[php-maint] Bug#800564: Bug#800564: php5: trivial hash complexity DoS attack

brian m. carlson sandals at crustytoothpaste.net
Sun Oct 4 22:20:27 UTC 2015

On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote:
> Hi Brian,
> did you already reported this to php security or should I do that?

You should probably do that.  I didn't contact PHP Security or the
Debian Security Team because I expect that due to similar
vulnerabilities in other languages, any attacker already knows about
this and can exploit it with minimal effort.  Secrecy doesn't therefore
benefit anyone, so I just filed a bug.
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20151004/3184fb3d/attachment.sig>

More information about the pkg-php-maint mailing list