Your message dated Tue, 12 Sep 2017 16:36:45 +0000
with message-id <e1drob3-000aaf...@fasolo.debian.org>
and subject line Bug#875596: fixed in perl 5.26.0-8
has caused the Debian Bug report #875596,
regarding perl: CVE-2017-12837: Heap buffer overflow in regular expression
compiler
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
875596: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875596
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: perl
Version: 5.20.2-1
Severity: grave
Tags: security upstream patch
Forwarded: https://rt.perl.org/Public/Bug/Display.html?id=131582
Hi,
the following vulnerability was published for perl.
CVE-2017-12837[0]:
Heap buffer overflow in regular expression compiler
From release notes:
Compiling certain regular expression patterns with the case-insensitive
modifier could cause a heap buffer overflow and crash perl. This has now been
fixed.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12837
[1] https://rt.perl.org/Public/Bug/Display.html?id=131582 (not yet public)
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.26.0-8
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 875...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 Sep 2017 18:07:07 +0300
Source: perl
Binary: perl-base perl-doc perl-debug libperl5.26 libperl-dev perl-modules-5.26 perl
Architecture: source
Version: 5.26.0-8
Distribution: unstable
Urgency: high
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description:
libperl-dev - Perl library: development files
libperl5.26 - shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - minimal Perl system
perl-debug - debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules-5.26 - Core Perl modules
Closes: 875596 875597
Changes:
perl (5.26.0-8) unstable; urgency=high
.
  * [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular
    expression compiler. (Closes: #875596)
  * [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular
    expression parser. (Closes: #875597)
--- End Message ---