Source: perl
Version: 5.20.2-1
Severity: grave
Tags: security patch upstream
Forwarded: https://rt.perl.org/Public/Bug/Display.html?id=131598

*** /tmp/perl.reportbug
Package: perl
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerability was published for perl.

CVE-2017-12883[0]:
Buffer over-read in regular expression parser

From release notes:

For certain types of syntax error in a regular expression pattern, the error message could either contain the contents of a random, possibly large, chunk of memory, or could crash perl. This has now been fixed.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12883
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883
[1] https://rt.perl.org/Public/Bug/Display.html?id=131598 (not yet public)

Regards,
Salvatore