Your message dated Mon, 4 Jul 2011 12:55:42 +0100
with message-id <20110704115542.gh15...@urchin.earth.li>
and subject line Fixed in lenny and squeeze
has caused the Debian Bug report #631529,
regarding Missing fix for CVE-2010-1447
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
631529: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631529
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: perl
Severity: grave
Tags: security
Hi Perl maintainers,
it turns out that CVE-2010-1447 is still missing in Lenny and
Squeeze. It was originally attributed to Postgres, but it
was later found out that Perl is affected as well.
The attached patch is still needed in both Lenny and Squeeze.
Cheers,
Moritz
Fix for CVE-2010-1447
--- perl-5.10.0/ext/Opcode/Safe.pm
+++ perl-5.10.0/ext/Opcode/Safe.pm
@@ -338,6 +338,7 @@ sub reval {
? Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub)
: scalar Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
_clean_stash($root.'::') if $sg != sub_generation();
+ $obj->wrap_code_refs_within(@subret);
return (wantarray) ? @subret : $subret[0];
}
@@ -416,6 +417,7 @@ sub rdo {
? Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub)
: scalar Opcode::_safe_call_sv($root, $obj->{Mask}, $evalsub);
_clean_stash($root.'::') if $sg != sub_generation();
+ $obj->wrap_code_refs_within(@subret);
return (wantarray) ? @subret : $subret[0];
}
@@ -629,9 +631,9 @@ expression evaluated, or a return statement may be used,
just as with
subroutines and B<eval()>. The context (list or scalar) is determined
by the caller as usual.
-This behaviour differs from the beta distribution of the Safe extension
-where earlier versions of perl made it hard to mimic the return
-behaviour of the eval() command and the context was always scalar.
+If the return value of reval() is (or contains) any code reference,
+those code references are wrapped to be themselves executed always
+in the compartment. See L</wrap_code_refs_within>.
The formerly undocumented STRICT argument sets strictness: if true
'use strict;' is used, otherwise it uses 'no strict;'. B<Note>: if
--- End Message ---
--- Begin Message ---
Version: 5.10.1-17squeeze2, 5.10.0-19lenny5
Now fixed in stable and oldstable, so closing.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
--- End Message ---
