Package: perl
Version: 5.8.4-5
Severity: critical
Tags: security patch
Justification: root security hole

Hi Brendan!

suid-perl scripts in conjunction with the PERLIO_DEBUG environment variable have two vulnerabilities (exploitable buffer overflow and arbitrary file overwrite). Please see the Ubuntu USN for details:

http://www.ubuntulinux.org/support/documentation/usn/usn-72-1

The Ubuntu debdiff is at

http://patches.ubuntu.com/patches/perl.CAN-2005-0155_0156.diff

However, I just made the fix inline without putting it in debian/patches.

Thanks,

Martin

-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages perl depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [
ii libgdbm3 1.8.3-2 GNU dbm database routines (runtime
ii perl-base 5.8.4-5 The Pathologically Eclectic Rubbis
ii perl-modules 5.8.4-5 Core Perl modules

-- no debconf information

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian GNU/Linux Developer http://www.debian.org