https://bugzilla.redhat.com/show_bug.cgi?id=1492093
Bug ID: 1492093
Summary: CVE-2017-12883 perl: Buffer over-read in regular
expression parser
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: ama...@redhat.com
CC: al...@redhat.com, caillon+fedoraproj...@gmail.com,
caol...@redhat.com, hho...@redhat.com,
iarn...@gmail.com, jor...@redhat.com,
jples...@redhat.com, ka...@ucw.cz,
mbar...@fastmail.com,
perl-devel@lists.fedoraproject.org,
perl-maint-l...@redhat.com, ppi...@redhat.com,
psab...@redhat.com, rc040...@freenet.de,
rhug...@redhat.com, sandm...@redhat.com,
tcall...@redhat.com
For certain types of syntax error in a regular expression pattern, the error
message could either contain the contents of a random, possibly large, chunk of
memory, or could crash perl.
Upstream patch:
https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f
Bug report (not public atm):
https://rt.perl.org/Public/Bug/Display.html?id=131598
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
perl-devel mailing list -- perl-devel@lists.fedoraproject.org
To unsubscribe send an email to perl-devel-le...@lists.fedoraproject.org
