** Branch linked: lp:ubuntu/hardy-updates/php5
** Branch linked: lp:ubuntu/php5
** Branch linked: lp:ubuntu/dapper-updates/php5
** Branch linked: lp:ubuntu/maverick-security/php5
** Branch linked: lp:ubuntu/karmic-security/php5
** Branch linked: lp:ubuntu/lucid-security/php5
--
You received
This bug was fixed in the package php5 - 5.3.3-1ubuntu9.2
---
php5 (5.3.3-1ubuntu9.2) maverick-security; urgency=low
* SECURITY UPDATE: open_basedir bypass
- debian/patches/php5-CVE-2010-3436.patch: more strict checking in
php_check_specific_open_basedir()
-
This bug was fixed in the package php5 - 5.3.2-1ubuntu4.6
---
php5 (5.3.2-1ubuntu4.6) lucid-security; urgency=low
* SECURITY UPDATE: open_basedir bypass
- debian/patches/php5-CVE-2010-3436.patch: more strict checking in
php_check_specific_open_basedir()
-
** Changed in: php5 (Debian)
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/697181
Title:
DoS: Infinite loop processing 2.2250738585072011e-308
** Changed in: php5 (Ubuntu Maverick)
Assignee: (unassigned) = Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Lucid)
Assignee: (unassigned) = Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
I've confirmed that marking the double variables as volatile in
maverick's php causes the infinite loop not to get triggered on i386
(and think I understand why that's the case). However, attempts to
reproduce the issue with php from 9.10 (karmic), 8.04 (hardy), and 6.06
(dapper) fail for no
Maybe it is related to some compiler flags? (e.g. it can be worked around by
using -ffloat-store in CFLAGS).
See http://news.ycombinator.com/item?id=2066084 for more discussion.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in
** Description changed:
Binary package hint: php5
Processing certain textual forms of MAX_FLOAT leads to an infinite
loop/hang/DoS:
php -r print 2.2250738585072011e-308;
hangs indefinitely, whereas:
php -r print 2.2250738585072010e-308;
returns immediately.
This bug was fixed in the package php5 - 5.3.3-1ubuntu12
---
php5 (5.3.3-1ubuntu12) natty; urgency=low
* debian/patches/fix-upstream-bug53632.patch: Fix infinite loop bug (php bug
#53632)
(LP: #697181)
-- Chuck Short zul...@ubuntu.com Fri, 07 Jan 2011 12:57:59 -0500
**
And there's a patch:
Fix: http://svn.php.net/viewvc?view=revisionrevision=307095
Test case: http://svn.php.net/viewvc?view=revisionrevision=307097
See:
http://bugs.php.net/bug.php?id=53632
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed
Confirmed in Ubuntu 10.04 lucid using:
echo '?php $d = 2.2250738585072011e-308; ?' | time -p php5
which hangs.
Ubuntu 8.04 hardy does not hang.
** Changed in: php5 (Ubuntu Lucid)
Status: Incomplete = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Confirmed on Ubuntu 10.10+ 32bit
php --version
PHP 5.3.3-1ubuntu9.1 with Suhosin-Patch (cli) (built: Oct 15 2010 14:17:04)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH
** Also affects: php5 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Natty)
Importance: Undecided
Status: Confirmed
** Changed in: php5 (Ubuntu Maverick)
13 matches
Mail list logo