[php-maint] Bug#800564: Bug#800564: php5: trivial hash complexity DoS attack
brian m. carlson
sandals at crustytoothpaste.net
Sun Oct 4 22:20:27 UTC 2015
On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote:
> Hi Brian,
>
> did you already reported this to php security or should I do that?
You should probably do that. I didn't contact PHP Security or the
Debian Security Team because I expect that due to similar
vulnerabilities in other languages, any attacker already knows about
this and can exploit it with minimal effort. Secrecy doesn't therefore
benefit anyone, so I just filed a bug.
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20151004/3184fb3d/attachment.sig>
More information about the pkg-php-maint
mailing list