On Mon, Oct 5, 2015, at 00:20, brian m. carlson wrote: > On Sun, Oct 04, 2015 at 09:55:43PM +0200, Ondřej Surý wrote: > > Hi Brian, > > > > did you already reported this to php security or should I do that? > > You should probably do that.
I already did. > I didn't contact PHP Security or the > Debian Security Team because I expect that due to similar > vulnerabilities in other languages, any attacker already knows about > this and can exploit it with minimal effort. Secrecy doesn't therefore > benefit anyone, so I just filed a bug. Yeah, I agree. Just they are the guys who will have to fix it, so it would have been faster to start with them. Cheers, -- Ondřej Surý <[email protected]> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
