Thanks for reporting this; I am currently working on the update to fix this and other open PHP issues. I'm aware of the introduced vulnerability CVE-2012-0830 that the fix for this issue introduced (Tom Reed's patch above includes the vulnerability). It's addressed upstream by http://svn.php.net/viewvc?view=revision&revision=323007, plus there's an additional memory leak addressed by http://svn.php.net/viewvc?view=revision&revision=323013.

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0830

** Changed in: php5 (Ubuntu Lucid)
     Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Hardy)
     Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Natty)
     Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Maverick)
     Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Oneiric)
     Assignee: (unassigned) => Steve Beattie (sbeattie)

https://bugs.launchpad.net/bugs/910296

Title:
  Please backport the upstream patch to prevent attacks based on hash collisions