On Thu, 7 May 1998, Martin Schulze wrote:

> On Thu, May 07, 1998 at 07:41:02AM +0200, Alexander Koch wrote:
> > On Thu, 7 May 1998 01:48:56 -0000, Christian Hudon wrote:
> > > Source: perl
> > > Binary: perl-suid perl-debug perl
> > > Version: 5.003.07-11
> > > Distribution: stable
> > > Urgency: high
>              ^^^^
> Changes: fixes security problem.
> > This is not a real upload, isn't it? Since 5.003.whatever is a bit ...
> > out-dated for years?
>
> It is a real upload. It's a security fix for our stable release.
> Uploads into stable may only fix security problems and should not
> introduce new upstream releases.

But 5.003_07 is still quite vulnerable to a once widely-circulated buffer overflow attack. Only upgrading to 5.004_04 will fix that problem.[*]

Now whether users *want* to upgrade their stable systems to 5.004_04 is another question, and it probably has different answers depending on whether or not the users run suid scripts vulnerable to the buffer overflow or whether they want the absolute stability of sticking with 5.003_07.

Andy Dougherty [EMAIL PROTECTED]
Dept. of Physics
Lafayette College, Easton PA 18042

[*] Well, I guess I could probably plug that one hole without touching much else, if there's really enough need. The resulting perl would still have a few quite obscure buffer overflow possibilities, but nothing for which I'm aware of any widely circulated automated attacks.