You actually need two commits for this fix. This one is the 5.3 branch commit for the first commit:
http://svn.php.net/viewvc?view=revision&revision=321038 There was a fix to that commit later: http://svn.php.net/viewvc?view=revision&revision=321335 I've combined both of these patches into one patch that can be applied to 5.3.2-1ubuntu4.11: https://gist.github.com/1610477 Should just be able to drop it into debian/patches and add it to the end of debian/patches/series. I'm still confirming if that patch fixes the DoS. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu. https://bugs.launchpad.net/bugs/910296 Title: Please backport the upstream patch to prevent attacks based on hash collisions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/910296/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs