[Kjetil Kjernsmo]
> The problem was fixed in the recent 1.30 RC1 of the package:
>
>   SECURITY: CVE-2007-1349 (cve.mitre.org)
>   fix unescaped variable interpolation in Apache::PerlRun
>   regular expression to prevent regex engine tampering.
>   reported by Alex Solovey
>   [Randal L. Schwartz <merlyn@stonehenge.com>, Fred Moyer
>   <[EMAIL PROTECTED]>]

Indeed, for reference the one-line fix is:

  svn diff -c521582 http://svn.apache.org/repos/asf/perl/modperl/branches/1.x

Do you know the scope of the DoS - does it allow the attacker to kill
the process running the perl program, or exhaust your memory, or what?

Thanks,
Peter
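
The bug class named in the quoted changelog entry (a variable interpolated unescaped into a regular expression), shown as an added example that is not part of the original message and is not Apache::PerlRun's code. The helper names and the sample URI/suffix pairs are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helpers (assumption, not Apache::PerlRun's code): strip a
# trailing PATH_INFO-like suffix from a URI to recover the script path.

# Weak form: $suffix is interpolated as a pattern, so any regex
# metacharacters it contains are interpreted by the regex engine.
sub strip_suffix_unescaped {
    my ($uri, $suffix) = @_;
    my $ok = eval { $uri =~ s/$suffix$//; 1 };
    return $ok ? $uri : undef;    # undef: the pattern failed to compile
}

# Corrected form: \Q...\E (quotemeta) makes the suffix match literally.
sub strip_suffix_escaped {
    my ($uri, $suffix) = @_;
    $uri =~ s/\Q$suffix\E$//;
    return $uri;
}

# Constructed sample inputs: [ uri, suffix ]
my @cases = (
    [ '/perl/app.pl/report', '/report' ],    # plain suffix
    [ '/perl/app.pl/a+b',    '/a+b'    ],    # '+' read as a quantifier
    [ '/perl/app.pl/x(',     '/x('     ],    # unbalanced group
);

for my $c (@cases) {
    my ($uri, $suffix) = @$c;
    my $weak = strip_suffix_unescaped($uri, $suffix);
    my $safe = strip_suffix_escaped($uri, $suffix);
    printf "%-22s weak=%-22s safe=%s\n", $uri,
        defined $weak ? $weak : '(regex error)', $safe;
}
```

Only the escaped form returns `/perl/app.pl` for all three inputs; the unescaped form leaves the second URI unchanged and fails to compile its pattern on the third.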