retitle 637376 perl: [CVE-2011-2939] Encode security: Unicode.xs!decode_xs n-byte heap-overflow
thanks

On Wed, Aug 10, 2011 at 06:52:43PM +0100, Dominic Hargreaves wrote:
> Package: perl
> Version: 5.12.4-3
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Encode 2.44 has been released with the following change:
>
> ! Unicode/Unicode.xs
> Addressed the following:
> Date: Fri, 22 Jul 2011 13:58:43 +0200
> From: Robert Zacek <za...@avast.com>
> To: perl5-security-rep...@perl.org
> Subject: Unicode.xs!decode_xs n-byte heap-overflow
> I haven't seen any further details about this one, but setting severity
> to grave for now.

Quoting Josh Bresser in http://www.openwall.com/lists/oss-security/2011/08/19/17

> I'm going to assign this CVE-2011-2939. It looks like a single byte
> overflow. It's probably not exploitable (even as a DoS), but to play it
> safe, I'm assigning this ID.

-- 
Niko Tyni nt...@debian.org