Control: retitle -1 perl: Segfault in S_regmatch from bad backreference (CVE-2013-7422)
Hi Niko, On Fri, Jan 23, 2015 at 01:01:13PM +0200, Niko Tyni wrote: > Package: perl > Version: 5.14.2-21 > Severity: important > Tags: wheezy security > Forwarded: https://rt.perl.org/Public/Bug/Display.html?id=119505 > Control: fixed -1 5.20.0-1 > > perl -e '/\7777777777/' > Segmentation fault (core dumped) > > This was fixed upstream in 5.19.5 with > > http://perl5.git.perl.org/perl.git/commitdiff/0c2990d652e985784f095bba4bc356481a66aa06 > > so it doesn't affect jessie or sid. > > carnil from the security team says this should be probably be fixed in > a point release but it's not worth a DSA. So this got assigned a CVE now, it is CVE-2013-7422, see http://www.openwall.com/lists/oss-security/2015/01/27/3 Regards, Salvatore -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
