You actually need two commits for this fix. This one is the 5.3 branch commit for the first commit:
http://svn.php.net/viewvc?view=revision&revision=321038 There was a fix to that commit later: http://svn.php.net/viewvc?view=revision&revision=321335 I've combined both of these patches into one patch that can be applied to 5.3.2-1ubuntu4.11: https://gist.github.com/1610477 Should just be able to drop it into debian/patches and add it to the end of debian/patches/series. I'm still confirming if that patch fixes the DoS. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/910296 Title: Please backport the upstream patch to prevent attacks based on hash collisions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/910296/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
