On Mon, Oct 3, 2016 at 2:37 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > On Sat, Oct 01, 2016 at 08:45:20PM -0400, Roberto C. Sánchez wrote: >> I tried for quite some time to reproduce this based on the original PHP >> bug report, but I was unable. I have annotated the security tracker >> with my (lack of) findings so far. That doesn't mean it's not vulnerable as Salvatore already noted.
> Laszlo, do you know more already? Other distributions seem in the same > boat, like Red Hat in > https://bugzilla.redhat.com/show_bug.cgi?id=1377361#c3 Sorry, I was on a trip and just arrived back on Sunday evening. Did an other security upload and then killed my machine. Minus one keyboard (a special one) and a monitor. Only now could boot the remaining hardware. I don't know more about this issue - upstream keep such bugreports secret, if any. I don't have a good connection with them (yet), but will try to know more about this. Regards, Laszlo/GCS