This should really be fixed soon. Please up vote it! BTW, watch out, the fix caused an even worse (remote code execution) bug:
https://bugzilla.redhat.com/show_bug.cgi?id=786686 ** Bug watch added: Red Hat Bugzilla #786686 https://bugzilla.redhat.com/show_bug.cgi?id=786686 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/910296 Title: Please backport the upstream patch to prevent attacks based on hash collisions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/910296/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs