[php-maint] Bug#800564: Bug#800564: php5: trivial hash complexity DoS attack
Ondřej Surý
ondrej at sury.org
Sun Oct 4 22:32:33 UTC 2015
On Mon, Oct 5, 2015, at 00:20, brian m. carlson wrote:
> On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote:
> > Hi Brian,
> >
> > did you already reported this to php security or should I do that?
>
> You should probably do that.
I already did.
> I didn't contact PHP Security or the
> Debian Security Team because I expect that due to similar
> vulnerabilities in other languages, any attacker already knows about
> this and can exploit it with minimal effort. Secrecy doesn't therefore
> benefit anyone, so I just filed a bug.
Yeah, I agree. Just they are the guys who will have to fix it, so it
would have been faster to start with them.
Cheers,
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
More information about the pkg-php-maint
mailing list