On Thu, Jun 05, 2008 at 10:27:26PM +0300, Niko Tyni wrote:
> > Any timeframe for a fix?
> The patch isn't applied upstream yet, probably because there were concerns
> about it creating a memory leak.

So it is a decision between leaked references or too few references.
Are you sure that the latter, which produces double free calls, doesn't
include the possibility to exploit it?

> which would certainly create a memory leak if used as is with a locally
> fixed 5.10.0.

It relies on the undocumented behaviour of this exact release.

> Possibly the best option is to keep our Perl 5.10.0 unfixed for now
> and update libperlio-via-dynamic-perl to 0.13. Bastian, please let me
> know what you think.

If you are able to prove the above question, well. I don't like that but
I would do it. If you are not, this has to be seen as a security
problem.

Bastian

-- 
Spock: We suffered 23 casualties in that attack, Captain.


