Launchpad has imported 8 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=667806.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2011-01-06T20:30:39+00:00 Vincent wrote: A flaw in how PHP handled the numeric value 2.2250738585072011e-308 was reported [1]. If a script were to assign this value to a variable, it could cause PHP to hang (infinite loop). This issue has been fixed in upstream PHP [2] 5.2.17 and 5.3.5. [1] http://bugs.php.net/53632 [2] http://svn.php.net/viewvc?view=revision&revision=307095 Reply at: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/697181/comments/4 ------------------------------------------------------------------------ On 2011-01-06T20:56:55+00:00 Vincent wrote: I have not been able to reproduce this on RHEL4 (4.3.9) or RHEL5 (5.1.6) on x86. I have reproduced it on RHEL6 (5.3.2) and Fedora 14 (5.3.4), both x86. It does not reproduce on Fedora 14 x86_64, so this is x86-only. Reply at: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/697181/comments/5 ------------------------------------------------------------------------ On 2011-01-06T21:11:38+00:00 MichaĆ wrote: Please add also r307168 | pajoye | 2011-01-06 18:08:46 +0100 (czw) | 1 linia - fix vc6 random behavior for Fix bug #53632 with x87 fpu Reply at: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/697181/comments/6 ------------------------------------------------------------------------ On 2011-01-07T00:24:29+00:00 Vincent wrote: Note that upstream has put up a checking script to see if your system is vulnerable: http://www.php.net/distributions/test_bug53632.txt Reply at: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/697181/comments/7 ------------------------------------------------------------------------ On 2011-01-07T08:54:21+00:00 Joe wrote: Michal, r307168 is MSVC-specific and won't have any effect on Linux. Reply at: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/697181/comments/8 ------------------------------------------------------------------------ On 2011-02-03T18:56:33+00:00 errata-xmlrpc wrote: This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2011:0195 https://rhn.redhat.com/errata/RHSA-2011-0195.html Reply at: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/697181/comments/14 ------------------------------------------------------------------------ On 2011-02-03T19:17:11+00:00 errata-xmlrpc wrote: This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2011:0196 https://rhn.redhat.com/errata/RHSA-2011-0196.html Reply at: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/697181/comments/15 ------------------------------------------------------------------------ On 2011-02-03T19:28:28+00:00 Vincent wrote: Statement: This issue leads to a temporary denial of service (high CPU consumption) when a PHP script handles numeric values from untrusted user input. It does not affect the versions of PHP as shipped with Red Hat Enterprise Linux 3, 4 or 5. It did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5. Reply at: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/697181/comments/16 ** Changed in: php5 (Fedora) Status: Unknown => Fix Released ** Changed in: php5 (Fedora) Importance: Unknown => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/697181 Title: DoS: Infinite loop processing 2.2250738585072011e-308 To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/697181/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
