On 2013-01-22 23:59, Dominic Hargreaves wrote:
> Adding debian-release as CC.
>
> On Wed, Jan 16, 2013 at 07:33:19AM +0100, Salvatore Bonaccorso wrote:
>> Hi Dominic
>>
>> On Tue, Jan 15, 2013 at 11:26:09PM +0000, Dominic Hargreaves wrote:
>>> On Mon, Jan 14, 2013 at 09:46:55PM +0100, Salvatore Bonaccorso wrote:
>>>> Upload of Digest::SHA 5.81 mentions the following:
>>>>
>>>> 5.81 Mon Jan 14 05:17:08 MST 2013
>>>> - corrected load subroutine (SHA.pm) to prevent double-free
>>>> -- Bug #82655: Security issue - segfault
>>>> -- thanks to Victor Efimov and Nicholas Clark
>>>> for technical expertise and suggestions
>>>>
>>>> Upstream bugreport is [1] and it was also sent to
>>>> [email protected] list.
>>>>
>>>> [1]: https://rt.cpan.org/Ticket/Display.html?id=82655
>>>
>>> The view so far appears to be that this is not exploitable:
>>>
>>> http://seclists.org/oss-sec/2013/q1/88
>>
>> Yes I have seen. I think at this stage we can remove the security tag
>> for #698174 (and #698172).
>
> At this stage I'm not planning to push this for inclusion in wheezy;
> since it doesn't meet <http://release.debian.org/wheezy/freeze_policy.html>
> but let me know if anyone thinks differently.
>

Is this the same fix as in libdigest-sha-perl? If so, that already got an unblock.

~Niels

