[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PHP5 in Wheezy vulnerable to CVE-2013-2110?

Dne 20.06.2013 14:13, Thijs Kinkhorst napsal:
On Thu, June 20, 2013 09:08, jaroslav@thinline.cz wrote:
Can someone please confirm that the Wheezy package is really not
vulnerable? I tried to use the test code from PHP (attached below) on
multiple PHP versions, but it doesn't cause segfaults (as it's supposed
to) on any of those I tried (Not even on PHP 5.3.23, which is supposed
to be vulnerable.)

The bug was originally introduced in PHP upstream with this commit:

As you can verify, that code is not present in Debian Wheezy, making
Wheezy not vulnerable to this bug.


Great, thanks a lot

Reply to: