On Thu, June 20, 2013 09:08, [email protected] wrote: > Can someone please confirm that the Wheezy package is really not > vulnerable? I tried to use the test code from PHP (attached below) on > multiple PHP versions, but it doesn't cause segfaults (as it's supposed > to) on any of those I tried (Not even on PHP 5.3.23, which is supposed > to be vulnerable.)
The bug was originally introduced in PHP upstream with this commit: http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629 As you can verify, that code is not present in Debian Wheezy, making Wheezy not vulnerable to this bug. Cheers, Thijs -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
