[php-maint] Bug#800564: Bug#800564: php5: trivial hash complexity DoS attack

Ondřej Surý ondrej at sury.org
Sun Oct 4 22:32:33 UTC 2015

On Mon, Oct 5, 2015, at 00:20, brian m. carlson wrote:
> On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote:
> > Hi Brian,
> > 
> > did you already reported this to php security or should I do that?
> You should probably do that.

I already did.

> I didn't contact PHP Security or the
> Debian Security Team because I expect that due to similar
> vulnerabilities in other languages, any attacker already knows about
> this and can exploit it with minimal effort.  Secrecy doesn't therefore
> benefit anyone, so I just filed a bug.

Yeah, I agree. Just they are the guys who will have to fix it, so it
would have been faster to start with them.

Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

More information about the pkg-php-maint mailing list