[Bug 910296] Re: Please backport the upstream patch to prevent attacks based on hash collisions
Steve Beattie
sbeattie at ubuntu.com
Mon Feb 6 17:32:24 UTC 2012
Thanks for reporting this; I am currently working on the update to fix
this and other open php issues. I'm aware of the introduced
vulnerability CVE-2012-0830 that the fix for this issue introduced (Tom
Reed's patch above includes the vulnerability). It's addressed upstream
by http://svn.php.net/viewvc?view=revision&revision=323007, plus there's
an additional memory leak addressed by
http://svn.php.net/viewvc?view=revision&revision=323013.
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0830
** Changed in: php5 (Ubuntu Lucid)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Hardy)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Natty)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Maverick)
Assignee: (unassigned) => Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Oneiric)
Assignee: (unassigned) => Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/910296
Title:
Please backport the upstream patch to prevent attacks based on hash
collisions