[php-maint] Bug#800564: Bug#800564: php5: trivial hash complexity DoS attack
brian m. carlson
sandals at crustytoothpaste.net
Sun Oct 2 19:04:19 UTC 2016
On Mon, Oct 05, 2015 at 12:32:33AM +0200, Ondřej Surý wrote:
> On Mon, Oct 5, 2015, at 00:20, brian m. carlson wrote:
> > On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote:
> > > Hi Brian,
> > >
> > > did you already reported this to php security or should I do that?
> > You should probably do that.
> I already did.
> > I didn't contact PHP Security or the
> > Debian Security Team because I expect that due to similar
> > vulnerabilities in other languages, any attacker already knows about
> > this and can exploit it with minimal effort. Secrecy doesn't therefore
> > benefit anyone, so I just filed a bug.
> Yeah, I agree. Just they are the guys who will have to fix it, so it
> would have been faster to start with them.
This still hasn't been fixed upstream after over a year. Security Team,
can you allocate a CVE for this, please? Perhaps that will get upstream
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: not available
More information about the pkg-php-maint