Your message dated Sat, 23 Sep 2017 11:33:26 +0000
with message-id <e1dvigy-000ejm...@fasolo.debian.org>
and subject line Bug#875597: fixed in perl 5.20.2-3+deb8u9
has caused the Debian Bug report #875597,
regarding perl: CVE-2017-12883: Buffer over-read in regular expression parser
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
875597: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: perl
Version: 5.20.2-1
Severity: grave
Tags: security patch upstream
Forwarded: https://rt.perl.org/Public/Bug/Display.html?id=131598
*** /tmp/perl.reportbug
Package: perl
X-Debbugs-CC: t...@security.debian.org
secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security
Hi,
the following vulnerability was published for perl.
CVE-2017-12883[0]:
Buffer over-read in regular expression parser
From release notes:
For certain types of syntax error in a regular expression pattern, the error
message could either contain the contents of a random, possibly large, chunk of
memory, or could crash perl. This has now been fixed.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-12883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12883
[1] https://rt.perl.org/Public/Bug/Display.html?id=131598 (not yet public)
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.20.2-3+deb8u9
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 875...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Niko Tyni <nt...@debian.org> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 12 Sep 2017 20:00:57 +0300
Source: perl
Binary: perl-base perl-doc perl-debug libperl5.20 libperl-dev perl-modules perl
Architecture: source all
Version: 5.20.2-3+deb8u9
Distribution: jessie-security
Urgency: high
Maintainer: Niko Tyni <nt...@debian.org>
Changed-By: Niko Tyni <nt...@debian.org>
Description:
 libperl-dev - Perl library: development files
 libperl5.20 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
Closes: 875596 875597
Changes:
 perl (5.20.2-3+deb8u9) jessie-security; urgency=high
 .
   * Update upstream base.pm no-dot-in-inc fix patch description.
   * [SECURITY] CVE-2017-12837: Fix a heap buffer overflow in regular
     expression compiler. (Closes: #875596)
   * [SECURITY] CVE-2017-12883: Fix a buffer over-read in regular
     expression parser. (Closes: #875597)
     + also includes a separate upstream fix from the 5.23 cycle
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---