[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 Bug 1492091 depends on bug 1492094, which changed state. Bug 1492094 Summary: CVE-2017-12837 CVE-2017-12883 perl: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1492094 What|Removed |Added Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 --- Comment #7 from Fedora Update System--- perl-5.24.3-389.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 --- Comment #6 from Fedora Update System--- perl-5.24.3-395.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 --- Comment #5 from Fedora Update System--- perl-5.26.1-401.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 --- Doc Text *updated* by Eric Christensen--- A heap write buffer overflow was found in perl's S_regatom() function, which is used in the compilation of regular expressions, resulting in the crash of the perl interpreter. An attacker, able to provide a specially crafted regular expression, could cause a denial of service. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 --- Comment #4 from Cedric Buissart--- Acknowledgments: Name: Sawyer X (Perl) -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 Cedric Buissartchanged: What|Removed |Added Status|NEW |CLOSED Resolution|--- |WONTFIX Last Closed||2017-09-25 11:37:50 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 --- Comment #3 from Cedric Buissart--- Acknowledgments: Name: Sawyer X (Perl security team) -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 --- Doc Text *updated* by Cedric Buissart--- A heap write buffer overflow was found in perl's S_regatom() function, which is used in the compilation of regular expressions, resulting in the crash of the perl interpreter. An attacker able to provide a specially crafted regular expression could cause a denial of service. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 --- Comment #2 from Cedric Buissart--- Statement: This issue does not affect perl versions older than 5.18. Perl as shipped in Red Hat Enterprise Linux 7 and older are not affected by this vulnerability. -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 Cedric Buissartchanged: What|Removed |Added Whiteboard|impact=low,public=20170912, |impact=low,public=20170912, |reported=20170913,source=up |reported=20170913,source=up |stream,cvss3=5.9/CVSS:3.0/A |stream,cvss3=5.9/CVSS:3.0/A |V:N/AC:H/PR:N/UI:N/S:U/C:N/ |V:N/AC:H/PR:N/UI:N/S:U/C:N/ |I:N/A:H,cwe=CWE-122,rhel-5/ |I:N/A:H,cwe=CWE-122,rhel-5/ |perl=new,rhel-6/perl=new,rh |perl=notaffected,rhel-6/per |el-7/perl=notaffected,rhscl |l=notaffected,rhel-7/perl=n |-2/rh-perl520-perl=wontfix, |otaffected,rhscl-2/rh-perl5 |rhscl-2/rh-perl524-perl=won |20-perl=wontfix,rhscl-2/rh- |tfix,fedora-all/perl=affect |perl524-perl=wontfix,fedora |ed |-all/perl=affected -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 Cedric Buissartchanged: What|Removed |Added Whiteboard|impact=low,public=20170912, |impact=low,public=20170912, |reported=20170913,source=up |reported=20170913,source=up |stream,cvss3=5.9/CVSS:3.0/A |stream,cvss3=5.9/CVSS:3.0/A |V:N/AC:H/PR:N/UI:N/S:U/C:N/ |V:N/AC:H/PR:N/UI:N/S:U/C:N/ |I:N/A:H,cwe=CWE-122,rhel-5/ |I:N/A:H,cwe=CWE-122,rhel-5/ |perl=new,rhel-6/perl=new,rh |perl=new,rhel-6/perl=new,rh |el-7/perl=new,rhscl-2/rh-pe |el-7/perl=notaffected,rhscl |rl520-perl=new,rhscl-2/rh-p |-2/rh-perl520-perl=wontfix, |erl524-perl=new,fedora-all/ |rhscl-2/rh-perl524-perl=won |perl=affected |tfix,fedora-all/perl=affect ||ed -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 Cedric Buissartchanged: What|Removed |Added Whiteboard|impact=low,public=20170912, |impact=low,public=20170912, |reported=20170913,source=up |reported=20170913,source=up |stream,cvss3=5.9/CVSS:3.0/A |stream,cvss3=5.9/CVSS:3.0/A |V:N/AC:H/PR:N/UI:N/S:U/C:N/ |V:N/AC:H/PR:N/UI:N/S:U/C:N/ |I:N/A:H,cwe=CWE-122,rhel-5/ |I:N/A:H,cwe=CWE-122,rhel-5/ |perl=new,rhel-6/perl=new,rh |perl=new,rhel-6/perl=new,rh |el-7/perl=new,rhscl-2/rh-pe |el-7/perl=new,rhscl-2/rh-pe |rl520-perl=new,rhscl-2/rh-p |rl520-perl=new,rhscl-2/rh-p |erl524-perl=new,directory_s |erl524-perl=new,fedora-all/ |erver_8/perl=new,fedora-all |perl=affected |/perl=affected | -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 Cedric Buissartchanged: What|Removed |Added Priority|medium |low Whiteboard|impact=moderate,public=2017 |impact=low,public=20170912, |0912,reported=20170913,sour |reported=20170913,source=up |ce=debian,cvss3=5.9/CVSS:3. |stream,cvss3=5.9/CVSS:3.0/A |0/AV:N/AC:H/PR:N/UI:N/S:U/C |V:N/AC:H/PR:N/UI:N/S:U/C:N/ |:N/I:N/A:H,cwe=CWE-122,rhel |I:N/A:H,cwe=CWE-122,rhel-5/ |-5/perl=new,rhel-6/perl=new |perl=new,rhel-6/perl=new,rh |,rhel-7/perl=new,rhscl-2/rh |el-7/perl=new,rhscl-2/rh-pe |-perl520-perl=new,rhscl-2/r |rl520-perl=new,rhscl-2/rh-p |h-perl524-perl=new,director |erl524-perl=new,directory_s |y_server_8/perl=new,fedora- |erver_8/perl=new,fedora-all |all/perl=affected |/perl=affected Severity|medium |low -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 Cedric Buissartchanged: What|Removed |Added Blocks||1489904 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 Adam Marišchanged: What|Removed |Added Blocks||1492097 -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
[Bug 1492091] CVE-2017-12837 perl: Heap buffer overflow in regular expression compiler
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 Adam Marišchanged: What|Removed |Added Depends On||1492094 --- Comment #1 from Adam Mariš --- Created perl tracking bugs for this issue: Affects: fedora-all [bug 1492094] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1492094 [Bug 1492094] CVE-2017-12837 CVE-2017-12883 perl: various flaws [fedora-all] -- You are receiving this mail because: You are on the CC list for the bug. ___ perl-devel mailing list -- perl-devel@lists.fedoraproject.org To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org