Package: perl
Version: 5.10.1-5
Severity: grave
Tags: security
Quoting a posting from Jan Lieskovsky/Red Hat to oss-security.
I've verified that Etch and Lenny are not affected.
Cheers,
Moritz
Hello Steve, vendors,
Mark Martinec reported a Perl crash while processing a UTF-8 character
with a large and invalid codepoint.
References:
--
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 (original source)
http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 (perl bug)
http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/ (PoC)
Affected versions:
--
Have checked that Perl versions perl-5.8.0, perl-5.8.5, perl-5.8.8 and perl-5.10.0
are not vulnerable to this flaw.
The issue was confirmed in Perl version perl-5.10.1, as available at:
http://www.cpan.org/src/perl-5.10.1.tar.gz
CVE identifier:
---
The CVE identifier CVE-2009-3626 has already been assigned to this issue.
---
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-2-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages perl depends on:
ii libbz2-1.0 1.0.5-3 high-quality block-sorting file co
ii libc6 2.9-27 GNU C Library: Shared libraries
ii libdb4.7 4.7.25-8 Berkeley v4.7 Database Libraries [
ii libgdbm3 1.8.3-6+b1 GNU dbm database routines (runtime
ii perl-base 5.10.1-5 minimal Perl system
ii perl-modules 5.10.1-5 Core Perl modules
ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime
Versions of packages perl recommends:
ii make 3.81-6 An utility for Directing compilati
ii netbase 4.37 Basic TCP/IP networking system
Versions of packages perl suggests:
pn libterm-readline-gnu-perl | l none (no description available)
ii perl-doc 5.10.1-5 Perl documentation
-- no debconf information