On Wed, Oct 10, 2012 at 09:35:41PM +0300, Niko Tyni wrote: > severity 689314 grave > retitle 689314 perl: segfaults when echoing a very long string [CVE-2012-5195] > tag 689314 upstream security patch > thanks > > On Mon, Oct 01, 2012 at 04:11:00PM +0200, Thorsten Glaser wrote: > > Package: perl > > Version: 5.14.2-13 > > Severity: normal > > > > # perl -le 'print "v"x(2**31+1) ."=1"' > > > > Segmentation fault > > This has security impact and has been assigned CVE-2012-5195. See > > http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html > > http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e > > It's not quite clear yet if 5.10.1 (squeeze) is affected.
We are nevertheless planning to upload fix to stable-security shortly. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
