[php-maint] Bug#800564: Bug#800564: php5: trivial hash complexity DoS attack
Ondřej Surý
ondrej at sury.org
Fri Oct 9 08:44:09 UTC 2015
Brian,
if you have a moment, you can try recompile PHP with this patch and
retest with your test suite:
https://github.com/php/php-src/compare/master...nikic:integerHash
Cheers,
Ondrej
On Mon, Oct 5, 2015, at 00:32, Ondřej Surý wrote:
> On Mon, Oct 5, 2015, at 00:20, brian m. carlson wrote:
> > On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote:
> > > Hi Brian,
> > >
> > > did you already reported this to php security or should I do that?
> >
> > You should probably do that.
>
> I already did.
>
> > I didn't contact PHP Security or the
> > Debian Security Team because I expect that due to similar
> > vulnerabilities in other languages, any attacker already knows about
> > this and can exploit it with minimal effort. Secrecy doesn't therefore
> > benefit anyone, so I just filed a bug.
>
> Yeah, I agree. Just they are the guys who will have to fix it, so it
> would have been faster to start with them.
>
> Cheers,
> --
> Ondřej Surý <ondrej at sury.org>
> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
More information about the pkg-php-maint
mailing list