[Secure-testing-team] Bug#637376: perl: Encode security: Unicode.xs!decode_xs n-byte heap-overflow
Dominic Hargreaves
dom at earth.li
Wed Aug 10 17:52:43 UTC 2011
Package: perl
Version: 5.12.4-3
Severity: grave
Tags: security
Justification: user security hole
Encode 2.44 has been released with the following change:
! Unicode/Unicode.xs
Addressed the following:
Date: Fri, 22 Jul 2011 13:58:43 +0200
From: Robert Zacek <zacek at avast.com>
To: perl5-security-report at perl.org
Subject: Unicode.xs!decode_xs n-byte heap-overflow
This has been fixed in libencode-perl 2.44-1; it probably also needs
fixing in perl.
The relevant patch appears to be
<http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5>
I haven't seen any further details about this one, but setting severity
to grave for now.
More information about the Secure-testing-team
mailing list