[php-maint] Bug#800564: Bug#800564: php5: trivial hash complexity DoS attack
ondrej at sury.org
Fri Oct 9 08:44:09 UTC 2015
if you have a moment, you can try recompile PHP with this patch and
retest with your test suite:
On Mon, Oct 5, 2015, at 00:32, Ondřej Surý wrote:
> On Mon, Oct 5, 2015, at 00:20, brian m. carlson wrote:
> > On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote:
> > > Hi Brian,
> > >
> > > did you already reported this to php security or should I do that?
> > You should probably do that.
> I already did.
> > I didn't contact PHP Security or the
> > Debian Security Team because I expect that due to similar
> > vulnerabilities in other languages, any attacker already knows about
> > this and can exploit it with minimal effort. Secrecy doesn't therefore
> > benefit anyone, so I just filed a bug.
> Yeah, I agree. Just they are the guys who will have to fix it, so it
> would have been faster to start with them.
> Ondřej Surý <ondrej at sury.org>
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
More information about the pkg-php-maint