Ubuntu
php5 package

  1. Bug #1044430
  2. Comment #5

Comment 5 for bug 1044430

Revision history for this message
Ryan C. Underwood (nemesis-icequake) wrote :

This is a real bug.

Here is the patch that fixes it.
http://git.php.net/?p=php-src.git;a=commitdiff;h=0863a0d6a0f740874b4ef8dc732a4ec94949470c

Here is the bug I filed in the debian BTS.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752366

Without this patch an attacker can launch a denial of service on the server due to resource exhaustion if he knows of a script to target.