On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote: > Hi Brian, > > did you already reported this to php security or should I do that?
You should probably do that. I didn't contact PHP Security or the Debian Security Team because I expect that due to similar vulnerabilities in other languages, any attacker already knows about this and can exploit it with minimal effort. Secrecy doesn't therefore benefit anyone, so I just filed a bug. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | https://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: PGP signature
