I reported this issue to Debian BTS to notify package maintainers and in the long run trying to get security issues fixed. Maintainers are not always following security issues in upstream and so on (not saying this about PHP). I verified that the segfault condition occurred and did not do more detailed analysis of the issue. If there is no security issue in PHP with the poc we can close this bug.
-- Henri Salo -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org