Henri Salo wrote... > I reported this issue to Debian BTS to notify package maintainers and in the > long run trying to get security issues fixed. Maintainers are not always > following security issues in upstream and so on (not saying this about PHP). I
This is appreciated but a short report about what has been done so far
helps the maintainer to organize the next steps. Even if it's just an
"I didn't take a closer look so it might be a non-issue".
> verified that the segfault condition occurred and did not do more detailed
> analysis of the issue. If there is no security issue in PHP with the poc we
> can
> close this bug.
The crucial question is: Did you verify this in php5 or in file?
Repeating myself another time, just in other words:
* php5 certainly is affected.
* file: I cannot see be that. Neither from the source code nor from
the reproducers that segfault php.
However, I can be convinced otherwise. Just provide a reproducer.
Christoph
signature.asc
Description: Digital signature
