Launchpad has imported 8 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=667806.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
** Branch linked: lp:ubuntu/hardy-updates/php5
** Branch linked: lp:ubuntu/php5
** Branch linked: lp:ubuntu/dapper-updates/php5
** Branch linked: lp:ubuntu/maverick-security/php5
** Branch linked: lp:ubuntu/karmic-security/php5
** Branch linked: lp:ubuntu/lucid-security/php5
--
You received
** Branch linked: lp:ubuntu/hardy-updates/php5
** Branch linked: lp:ubuntu/php5
** Branch linked: lp:ubuntu/dapper-updates/php5
** Branch linked: lp:ubuntu/maverick-security/php5
** Branch linked: lp:ubuntu/karmic-security/php5
** Branch linked: lp:ubuntu/lucid-security/php5
--
You received
This bug was fixed in the package php5 - 5.3.3-1ubuntu9.2
---
php5 (5.3.3-1ubuntu9.2) maverick-security; urgency=low
* SECURITY UPDATE: open_basedir bypass
- debian/patches/php5-CVE-2010-3436.patch: more strict checking in
php_check_specific_open_basedir()
-
This bug was fixed in the package php5 - 5.3.2-1ubuntu4.6
---
php5 (5.3.2-1ubuntu4.6) lucid-security; urgency=low
* SECURITY UPDATE: open_basedir bypass
- debian/patches/php5-CVE-2010-3436.patch: more strict checking in
php_check_specific_open_basedir()
-
This bug was fixed in the package php5 - 5.3.3-1ubuntu9.2
---
php5 (5.3.3-1ubuntu9.2) maverick-security; urgency=low
* SECURITY UPDATE: open_basedir bypass
- debian/patches/php5-CVE-2010-3436.patch: more strict checking in
php_check_specific_open_basedir()
-
This bug was fixed in the package php5 - 5.3.2-1ubuntu4.6
---
php5 (5.3.2-1ubuntu4.6) lucid-security; urgency=low
* SECURITY UPDATE: open_basedir bypass
- debian/patches/php5-CVE-2010-3436.patch: more strict checking in
php_check_specific_open_basedir()
-
** Changed in: php5 (Debian)
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
https://bugs.launchpad.net/bugs/697181
Title:
DoS: Infinite loop processing 2.2250738585072011e-308
** Changed in: php5 (Debian)
Status: Unknown = Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/697181
Title:
DoS: Infinite loop processing 2.2250738585072011e-308
--
ubuntu-bugs
** Changed in: php5 (Ubuntu Maverick)
Assignee: (unassigned) = Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Lucid)
Assignee: (unassigned) = Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to
I've confirmed that marking the double variables as volatile in
maverick's php causes the infinite loop not to get triggered on i386
(and think I understand why that's the case). However, attempts to
reproduce the issue with php from 9.10 (karmic), 8.04 (hardy), and 6.06
(dapper) fail for no
Maybe it is related to some compiler flags? (e.g. it can be worked around by
using -ffloat-store in CFLAGS).
See http://news.ycombinator.com/item?id=2066084 for more discussion.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in
** Description changed:
Binary package hint: php5
Processing certain textual forms of MAX_FLOAT leads to an infinite
loop/hang/DoS:
php -r print 2.2250738585072011e-308;
hangs indefinitely, whereas:
php -r print 2.2250738585072010e-308;
returns immediately.
This bug was fixed in the package php5 - 5.3.3-1ubuntu12
---
php5 (5.3.3-1ubuntu12) natty; urgency=low
* debian/patches/fix-upstream-bug53632.patch: Fix infinite loop bug (php bug
#53632)
(LP: #697181)
-- Chuck Short zul...@ubuntu.com Fri, 07 Jan 2011 12:57:59 -0500
**
** Changed in: php5 (Ubuntu Maverick)
Assignee: (unassigned) = Steve Beattie (sbeattie)
** Changed in: php5 (Ubuntu Lucid)
Assignee: (unassigned) = Steve Beattie (sbeattie)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
I've confirmed that marking the double variables as volatile in
maverick's php causes the infinite loop not to get triggered on i386
(and think I understand why that's the case). However, attempts to
reproduce the issue with php from 9.10 (karmic), 8.04 (hardy), and 6.06
(dapper) fail for no
Maybe it is related to some compiler flags? (e.g. it can be worked around by
using -ffloat-store in CFLAGS).
See http://news.ycombinator.com/item?id=2066084 for more discussion.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
Binary package hint: php5
Processing certain textual forms of MAX_FLOAT leads to an infinite
loop/hang/DoS:
php -r print 2.2250738585072011e-308;
hangs indefinitely, whereas:
php -r print 2.2250738585072010e-308;
returns immediately.
This bug was fixed in the package php5 - 5.3.3-1ubuntu12
---
php5 (5.3.3-1ubuntu12) natty; urgency=low
* debian/patches/fix-upstream-bug53632.patch: Fix infinite loop bug (php bug
#53632)
(LP: #697181)
-- Chuck Short zul...@ubuntu.com Fri, 07 Jan 2011 12:57:59 -0500
**
** Bug watch added: Red Hat Bugzilla #667806
https://bugzilla.redhat.com/show_bug.cgi?id=667806
** Also affects: php5 (Fedora) via
https://bugzilla.redhat.com/show_bug.cgi?id=667806
Importance: Unknown
Status: Unknown
** CVE added: http://www.cve.mitre.org/cgi-
And there's a patch:
Fix: http://svn.php.net/viewvc?view=revisionrevision=307095
Test case: http://svn.php.net/viewvc?view=revisionrevision=307097
See:
http://bugs.php.net/bug.php?id=53632
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed
Confirmed in Ubuntu 10.04 lucid using:
echo '?php $d = 2.2250738585072011e-308; ?' | time -p php5
which hangs.
Ubuntu 8.04 hardy does not hang.
** Changed in: php5 (Ubuntu Lucid)
Status: Incomplete = Confirmed
--
You received this bug notification because you are a member of Ubuntu
And there's a patch:
Fix: http://svn.php.net/viewvc?view=revisionrevision=307095
Test case: http://svn.php.net/viewvc?view=revisionrevision=307097
See:
http://bugs.php.net/bug.php?id=53632
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
Confirmed in Ubuntu 10.04 lucid using:
echo '?php $d = 2.2250738585072011e-308; ?' | time -p php5
which hangs.
Ubuntu 8.04 hardy does not hang.
** Changed in: php5 (Ubuntu Lucid)
Status: Incomplete = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Confirmed on Ubuntu 10.10+ 32bit
php --version
PHP 5.3.3-1ubuntu9.1 with Suhosin-Patch (cli) (built: Oct 15 2010 14:17:04)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH
** Also affects: php5 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Natty)
Importance: Undecided
Status: Confirmed
** Changed in: php5 (Ubuntu Maverick)
Confirmed on Ubuntu 10.10+ 32bit
php --version
PHP 5.3.3-1ubuntu9.1 with Suhosin-Patch (cli) (built: Oct 15 2010 14:17:04)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Suhosin v0.9.31, Copyright (c) 2007-2010, by SektionEins GmbH
** Also affects: php5 (Ubuntu Lucid)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Maverick)
Importance: Undecided
Status: New
** Also affects: php5 (Ubuntu Natty)
Importance: Undecided
Status: Confirmed
** Changed in: php5 (Ubuntu Maverick)
28 matches
Mail list logo