Bug#800564: [php-maint] Bug#800564: php5: trivial hash complexity DoS attack

2016-10-02 Thread brian m. carlson
On Mon, Oct 05, 2015 at 12:32:33AM +0200, Ondřej Surý wrote: > On Mon, Oct 5, 2015, at 00:20, brian m. carlson wrote: > > On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote: > > > Hi Brian, > > > > > > did you already report this to php security or should I do that? > > > > You should

Bug#800564: [php-maint] Bug#800564: php5: trivial hash complexity DoS attack

2015-10-04 Thread Ondřej Surý
On Mon, Oct 5, 2015, at 00:20, brian m. carlson wrote: > On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote: > > Hi Brian, > > > > did you already report this to php security or should I do that? > > You should probably do that. I already did. > I didn't contact PHP Security or the >

Bug#800564: [php-maint] Bug#800564: php5: trivial hash complexity DoS attack

2015-10-04 Thread brian m. carlson
On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote: > Hi Brian, > > did you already report this to php security or should I do that? You should probably do that. I didn't contact PHP Security or the Debian Security Team because I expect that due to similar vulnerabilities in other lan

Bug#800564: [php-maint] Bug#800564: php5: trivial hash complexity DoS attack

2015-10-04 Thread Ondřej Surý
Hi Brian, did you already report this to php security or should I do that? Cheers, Ondrej On Fri, Oct 2, 2015, at 14:37, brian m. carlson wrote: > On Wed, Sep 30, 2015 at 11:27:39PM +, brian m. carlson wrote: > > Package: php5-cli > > Version: 5.6.13+dfsg-2 > > Severity: important > > Tag

Bug#800564: php5: trivial hash complexity DoS attack

2015-10-02 Thread brian m. carlson
On Wed, Sep 30, 2015 at 11:27:39PM +, brian m. carlson wrote: > Package: php5-cli > Version: 5.6.13+dfsg-2 > Severity: important > Tags: security > > PHP uses the DJB "times 33" hash to hash strings in its hash tables, > without the use of any secret key. Hash values are therefore the same >

Bug#800564: php5: trivial hash complexity DoS attack

2015-09-30 Thread brian m. carlson
Package: php5-cli Version: 5.6.13+dfsg-2 Severity: important Tags: security PHP uses the DJB "times 33" hash to hash strings in its hash tables, without the use of any secret key. Hash values are therefore the same between multiple invocations. As a result, it's trivial to precompute a set of va