Package: libconvert-uulib-perl
Version: 1.12-1

Hello,
I was just wondering if Debian has accidentally missed a security / DoS related bugfix of the Convert::UUlib module. The fix was done in version 1.34 and even sid seems to have only 1.33 and squeeze/lenny are bundled with much older versions. None of those Debian versions mention anything about a possible backport in their changelog.

Gentoo, OpenBSD, (open)SUSE, Fedora and others seem to have patched this issue from late January already, but I'm unable to find any information related to this from Debian. Some reports say this is "only" a DoS weakness, others claim this can lead to possible code execution.

https://secunia.com/advisories/42998/
http://vigilance.fr/vulnerability/Perl-Convert-UUlib-buffer-overflow-of-UURepairData-10291

Best regards,
Janne Pikkarainen

