Bug#341542: CVE number

2005-12-02 Thread Brendan O'Dea
On Fri, Dec 02, 2005 at 10:55:56AM +0100, Martin Pitt wrote:
>The CVE number CVE-2005-3962 has been assigned to this. Please mention
>this number in the changelog when you fix this.

Yes, Fedora quoted that number in their advisory.  Oddly, cve.mitre.org
doesn't appear to have a match for that number.

I've prepared a preliminary upload incorporating change 26240, although
I am holding off for a bit, as it would appear that there may be more
than one patch required:

  http://www.xray.mpe.mpg.de/mailing-lists/perl5-porters/2005-12/msg00030.html

--bod





Bug#341542: CVE number

2005-12-02 Thread Martin Pitt
Hi!

The CVE number CVE-2005-3962 has been assigned to this. Please mention
this number in the changelog when you fix this.

Thanks,

Martin

==
Name: CVE-2005-3962
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3962
Reference: FULLDISC:20051201 Perl format string integer wrap vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
Reference: MISC:http://www.dyadsecurity.com/perl-0002.html

Integer overflow in the format string functionality (Perl_sv_vcatpvfn)
in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary
memory and possibly execute arbitrary code via format string
specifiers with large values, as demonstrated using format string
vulnerabilities in Perl applications.

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

