Your message dated Sat, 23 Sep 2017 10:03:16 +0000
with message-id <e1dvhhi-00026q...@fasolo.debian.org>
and subject line Bug#875597: fixed in perl 5.24.1-3+deb9u2
has caused the Debian Bug report #875597,
regarding perl: CVE-2017-12883: Buffer over-read in regular expression parser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
875597: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: perl
Version: 5.20.2-1
Severity: grave
Tags: security patch upstream
Forwarded: https://rt.perl.org/Public/Bug/Display.html?id=131598



*** /tmp/perl.reportbug
Package: perl
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerability was published for perl.

CVE-2017-12883[0]:
Buffer over-read in regular expression parser

From release notes:

For certain types of syntax error in a regular expression pattern, the error
message could either contain the contents of a random, possibly large, chunk of
memory, or could crash perl.  This has now been fixed.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12883
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883
[1] https://rt.perl.org/Public/Bug/Display.html?id=131598 (not yet public)

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.24.1-3+deb9u2

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 875...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 12 Sep 2017 19:37:26 +0300
Source: perl
Binary: perl-base perl-doc perl-debug libperl5.24 libperl-dev perl-modules-5.24 perl
Architecture: source
Version: 5.24.1-3+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description:
 libperl-dev - Perl library: development files
 libperl5.24 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules-5.24 - Core Perl modules
Closes: 875596 875597
Changes:
 perl (5.24.1-3+deb9u2) stretch-security; urgency=high
 .
   * Update upstream base.pm no-dot-in-inc fix patch description.
   * [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular
     expression compiler. (Closes: #875596)
   * [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular
     expression parser.   (Closes: #875597)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
