[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Bug 1187149 depends on bug 1187151, which changed state. Bug 1187151 Summary: CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1187151 What|Removed |Added Status|NEW |CLOSED Resolution|--- |WONTFIX -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/perl-devel@lists.fedoraproject.org
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Yasuhiro Ozone yoz...@redhat.com changed: What|Removed |Added CC||yoz...@redhat.com -- You are receiving this mail because: You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Vasyl Kaigorodov vkaig...@redhat.com changed: What|Removed |Added Status|CLOSED |NEW Resolution|WONTFIX |--- Keywords||Reopened -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=g6XuhM3Ttca=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Vasyl Kaigorodov vkaig...@redhat.com changed: What|Removed |Added Status|NEW |CLOSED Resolution|--- |WONTFIX Last Closed|2015-03-16 08:54:16 |2015-03-16 09:58:54 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=RWsNTtLrdza=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Vasyl Kaigorodov vkaig...@redhat.com changed: What|Removed |Added Status|NEW |CLOSED CC||vkaig...@redhat.com Resolution|--- |WONTFIX Whiteboard|impact=low,public=20150123, |impact=low,public=20150123, |reported=20150127,source=os |reported=20150127,source=os |s-security,cvss2=4.3/AV:N/A |s-security,cvss2=4.3/AV:N/A |C:M/Au:N/C:N/I:N/A:P,cwe=CW |C:M/Au:N/C:N/I:N/A:P,cwe=CW |E-190,fedora-all/perl=affec |E-190,fedora-all/perl=affec |ted,rhel-5/perl=affected,rh |ted,rhel-5/perl=wontfix,rhe |el-6/perl=affected,rhel-7/p |l-6/perl=wontfix,rhel-7/per |erl=affected,directory_serv |l=wontfix,directory_server_ |er_8/perl=affected |8/perl=wontfix Last Closed||2015-03-16 08:54:16 --- Comment #4 from Vasyl Kaigorodov vkaig...@redhat.com --- Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=V4sYr18OyKa=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Stefan Cornelius scorn...@redhat.com changed: What|Removed |Added Priority|medium |low External Bug ID||Debian BTS 776046 Whiteboard|impact=moderate,public=2015 |impact=low,public=20150123, |0123,reported=20150127,sour |reported=20150127,source=os |ce=oss-security,cvss2=4.3/A |s-security,cvss2=4.3/AV:N/A |V:N/AC:M/Au:N/C:N/I:N/A:P,c |C:M/Au:N/C:N/I:N/A:P,cwe=CW |we=CWE-190,fedora-all/perl= |E-190,fedora-all/perl=affec |affected,rhel-5/perl=affect |ted,rhel-5/perl=affected,rh |ed,rhel-6/perl=affected,rhe |el-6/perl=affected,rhel-7/p |l-7/perl=affected,directory |erl=affected,directory_serv |_server_8/perl=new |er_8/perl=affected Severity|medium |low --- Comment #3 from Stefan Cornelius scorn...@redhat.com --- The code responsible for processing regular expression backreferences in regcomp.c did not properly handle large digit strings. An attacker able to pass specially crafted regular expressions containing large backreferences can exploit this issue to e.g. cause an application crash due to an out-of-bounds read caused by an array indexing error in the S_regmatch() function. It's possible that this flaw may not affect 32bit platforms. SUSE has previously fixed this via http://marc.info/?l=opensuse-commitm=121933719424130, although this patch is different from the one used Perl upstream. OSS post assigning the CVE: http://www.openwall.com/lists/oss-security/2015/01/27/3 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=e0OeGtePcAa=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Stefan Cornelius scorn...@redhat.com changed: What|Removed |Added Whiteboard|impact=moderate,public=2015 |impact=moderate,public=2015 |0123,reported=20150127,sour |0123,reported=20150127,sour |ce=oss-security,cvss2=4.3/A |ce=oss-security,cvss2=4.3/A |V:N/AC:M/Au:N/C:N/I:N/A:P,c |V:N/AC:M/Au:N/C:N/I:N/A:P,c |we=CWE-190,fedora-all/perl= |we=CWE-190,fedora-all/perl= |affected,rhel-5/perl=new,rh |affected,rhel-5/perl=affect |el-6/perl=new,rhel-7/perl=n |ed,rhel-6/perl=affected,rhe |ew,directory_server_8/perl= |l-7/perl=affected,directory |new |_server_8/perl=new -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=C1jExwHtSua=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Ján Rusnačko jrusn...@redhat.com changed: What|Removed |Added CC||jrusn...@redhat.com Whiteboard|impact=moderate,public=2015 |impact=moderate,public=2015 |0123,reported=20150127,sour |0123,reported=20150127,sour |ce=oss-security,cvss2=4.3/A |ce=oss-security,cvss2=4.3/A |V:N/AC:M/Au:N/C:N/I:N/A:P,c |V:N/AC:M/Au:N/C:N/I:N/A:P,c |we=CWE-191,fedora-all/perl= |we=CWE-190,fedora-all/perl= |affected,rhel-5/perl=new,rh |affected,rhel-5/perl=new,rh |el-6/perl=new,rhel-7/perl=n |el-6/perl=new,rhel-7/perl=n |ew,directory_server_8/perl= |ew,directory_server_8/perl= |new |new -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=U6xgnBpHwKa=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Martin Prpic mpr...@redhat.com changed: What|Removed |Added Blocks||1187150 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=0k7CDBgHQ9a=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Martin Prpic mpr...@redhat.com changed: What|Removed |Added Depends On||1187151 --- Comment #1 from Martin Prpic mpr...@redhat.com --- Created perl tracking bugs for this issue: Affects: fedora-all [bug 1187151] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1187151 [Bug 1187151] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference [fedora-all] -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=GasmLicNwGa=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel
[Bug 1187149] CVE-2013-7422 perl: segmentation fault in S_regmatch on negative backreference
https://bugzilla.redhat.com/show_bug.cgi?id=1187149 Martin Prpic mpr...@redhat.com changed: What|Removed |Added Whiteboard|impact=moderate,public=2015 |impact=moderate,public=2015 |0123,reported=20150127,sour |0123,reported=20150127,sour |ce=oss-sec,cvss2=4.3/AV:N/A |ce=oss-security,cvss2=4.3/A |C:M/Au:N/C:N/I:N/A:P,cwe=CW |V:N/AC:M/Au:N/C:N/I:N/A:P,c |E-191,fedora-all/perl=affec |we=CWE-191,fedora-all/perl= |ted,rhel-5/perl=new,rhel-6/ |affected,rhel-5/perl=new,rh |perl=new,rhel-7/perl=new,di |el-6/perl=new,rhel-7/perl=n |rectory_server_8/perl=new |ew,directory_server_8/perl= ||new -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dqX4j6Q4OFa=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/perl-devel