Bug#689314: marked as done (perl: segfaults when echoing a very long string [CVE-2012-5195])

Debian Bug Tracking System Thu, 13 Dec 2012 15:51:20 -0800

Your message dated Thu, 13 Dec 2012 23:47:11 +0000
with message-id <e1tjiuh-0004gy...@franck.debian.org>
and subject line Bug#689314: fixed in perl 5.10.1-17squeeze4
has caused the Debian Bug report #689314,
regarding perl: segfaults when echoing a very long string [CVE-2012-5195]
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
689314: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689314
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: perl
Version: 5.14.2-13
Severity: normal

# perl -le 'print "v"x(2**31+1) ."=1"'                                          
     
Segmentation fault 

Trying to reproduce the error from
http://git.kernel.org/?p=libs/klibc/klibc.git;a=commitdiff;h=127b17bb38dbfc95386a52b2159f059221d33497
on Debian wheezy/amd64.

Interestingly enough, Debian lenny/amd64 works just fine.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh-static

Versions of packages perl depends on:
ii  libbz2-1.0    1.0.6-4
ii  libc6         2.13-35
ii  libdb5.1      5.1.29-5
ii  libgdbm3      1.8.3-11
ii  perl-base     5.14.2-13
ii  perl-modules  5.14.2-13
ii  zlib1g        1:1.2.7.dfsg-13

Versions of packages perl recommends:
ii  netbase  5.0

Versions of packages perl suggests:
pn  libterm-readline-gnu-perl | libterm-readline-perl-perl  <none>
ii  make                                                    3.81-8.2
pn  perl-doc                                                <none>

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: perl
Source-Version: 5.10.1-17squeeze4

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <d...@earth.li> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 11 Dec 2012 14:07:34 +0000
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug perl-suid 
libperl5.10 libperl-dev perl
Architecture: source all i386
Version: 5.10.1-17squeeze4
Distribution: stable-security
Urgency: low
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Dominic Hargreaves <d...@earth.li>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.10 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
 perl-suid  - runs setuid Perl scripts
Closes: 689314 693420 695223
Changes: 
 perl (5.10.1-17squeeze4) stable-security; urgency=low
 .
   * [SECURITY] CVE-2012-5195: fix a heap buffer overrun with
     the 'x' string repeat operator. (Closes: #689314)
   * [SECURITY] CVE-2012-5526: CGI.pm improper cookie and p3p
     CRLF escaping (Closes: #693420)
   * [SECURITY] add warning to Storable documentation that Storable
     documents should not be accepted from untrusted sources
     (Closes: #695223)
Checksums-Sha1: 
 859eaf2f93180babbe471fc221ad7cbed6765382 1422 perl_5.10.1-17squeeze4.dsc
 3f9e6297d5b811b9022e4778e00d63895e9c8fdb 121727 
perl_5.10.1-17squeeze4.debian.tar.gz
 e909c107d5e95242442cee143f3b4b1486b403f1 53092 
libcgi-fast-perl_5.10.1-17squeeze4_all.deb
 f599f67d614f910a8129d93e2c0b378857c4bb87 7187956 
perl-doc_5.10.1-17squeeze4_all.deb
 f08efb3de41a41faa33d1c138020d17199200cd4 3490686 
perl-modules_5.10.1-17squeeze4_all.deb
 f3a61584d7a7dc399b27345d336bc61cd2ce4c3f 980544 
perl-base_5.10.1-17squeeze4_i386.deb
 5ecd9070fecde471241eb02cd23a6240f451fbef 6631116 
perl-debug_5.10.1-17squeeze4_i386.deb
 80a05d9e5f5d5ca28d290cb3bca1666cbc38f980 33196 
perl-suid_5.10.1-17squeeze4_i386.deb
 7c1ebe62bd63eaace4b7a7440c556f0a3cc701b6 633086 
libperl5.10_5.10.1-17squeeze4_i386.deb
 95e7bd5576cbe8a1af5c0defc7b41b4e5d54925e 2344752 
libperl-dev_5.10.1-17squeeze4_i386.deb
 504bd42009c01d61a153551192b323e995ceab17 3780108 
perl_5.10.1-17squeeze4_i386.deb
Checksums-Sha256: 
 ef099ae048fcee48fe308dc4d4650ba2074a5f90c1a8e9d28d96bfcce317b38f 1422 
perl_5.10.1-17squeeze4.dsc
 920a1803db226adec97566a75322fc6f4433aec20e3c43039aa2ab3cf31af80e 121727 
perl_5.10.1-17squeeze4.debian.tar.gz
 962489e03a44003922580fa022b08d0b6554a80eb9e45d9c8ebba8940dc2590a 53092 
libcgi-fast-perl_5.10.1-17squeeze4_all.deb
 efcd20e8c3193a3813640d3daa2cfde9ae9bdfcce52ccbc32c4787943f58e1c9 7187956 
perl-doc_5.10.1-17squeeze4_all.deb
 9ead387c134c01dc9f0d725775feab9baed389168f1a333a0e6364f73052759f 3490686 
perl-modules_5.10.1-17squeeze4_all.deb
 e28423172fc523150bb5c49e18f1787f729d5a4032147f42fe367e1e2f3ca02e 980544 
perl-base_5.10.1-17squeeze4_i386.deb
 dd38094491bfd651ee5616b9b293ea1d4dbdb6ee745d14f748cca14a372bb379 6631116 
perl-debug_5.10.1-17squeeze4_i386.deb
 1147d30dbcc33a882e51706a45bc37fc9b538fc8c57b35d97b32b1c389674284 33196 
perl-suid_5.10.1-17squeeze4_i386.deb
 bd795bdaf678276261b97dc61dffc7a61ff20c011db4ad029e005edd816b7d64 633086 
libperl5.10_5.10.1-17squeeze4_i386.deb
 47ed2ca6e446abab2510543e372b449ad150f4b992caba9e2cd5997184849ea3 2344752 
libperl-dev_5.10.1-17squeeze4_i386.deb
 0d0baf300ba3245754b279307f9170837f02fe14df6b2ca9490954976f610214 3780108 
perl_5.10.1-17squeeze4_i386.deb
Files: 
 1814a2f123994932b3e80bf6cd40b4a3 1422 perl standard perl_5.10.1-17squeeze4.dsc
 15d60b4e815aacf4ac0b78abe6d8a707 121727 perl standard 
perl_5.10.1-17squeeze4.debian.tar.gz
 383f48282b4f667eee14a8d5beceb82d 53092 perl optional 
libcgi-fast-perl_5.10.1-17squeeze4_all.deb
 2fe68c20002b408dfb5b71edd83e11a0 7187956 doc optional 
perl-doc_5.10.1-17squeeze4_all.deb
 37a799d9de5accc7c855d7d26a83b441 3490686 perl standard 
perl-modules_5.10.1-17squeeze4_all.deb
 a77dccb405afd3f0163cb85a8580fc50 980544 perl required 
perl-base_5.10.1-17squeeze4_i386.deb
 e4bd3eda2a0eab46732e4f626420b46f 6631116 debug extra 
perl-debug_5.10.1-17squeeze4_i386.deb
 7ce01abf61f476552be095f178c57db8 33196 perl optional 
perl-suid_5.10.1-17squeeze4_i386.deb
 2eb4e5e556a49a04a5b5bc395634f4b5 633086 libs optional 
libperl5.10_5.10.1-17squeeze4_i386.deb
 f2a39a143757c6a693e010f70a3fb42c 2344752 libdevel optional 
libperl-dev_5.10.1-17squeeze4_i386.deb
 b1b0e225809e1e9458aa313e932b555d 3780108 perl standard 
perl_5.10.1-17squeeze4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFQx1qIYzuFKFF44qURApn+AKCZfVcM25yRNryeFhW+CsUDDQBWngCcCoJa
StA9P/+fCayFF1GHmZnzXdw=
=1igm
-----END PGP SIGNATURE-----

--- End Message ---

Bug#689314: marked as done (perl: segfaults when echoing a very long string [CVE-2012-5195])

Reply via email to