In perl.git, the branch blead has been updated

<https://perl5.git.perl.org/perl.git/commitdiff/3c1b037f652c65ec12fbb10e4d08e0b1599b6aa5?hp=cc27c3b3ef8a22c153554c7756ac1a22daddff28>

- Log -----------------------------------------------------------------
commit 3c1b037f652c65ec12fbb10e4d08e0b1599b6aa5
Author: Abigail <abig...@abigail.be>
Date:   Sun Dec 16 20:12:24 2018 +0100

    Perldelta: Clarify when CVE-2018-18312 was fixed.
    
    This was originally fixed in 5.29.4. The patch itself does have
    an entry in the perldelta for 5.29.4, but it was, intentionally,
    not made clear a security hole was fixed. This was delayed until
    5.28.1 and 5.26.3 were released.

-----------------------------------------------------------------------

Summary of changes:
 pod/perldelta.pod | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pod/perldelta.pod b/pod/perldelta.pod
index 372af385ec..048bbb591c 100644
--- a/pod/perldelta.pod
+++ b/pod/perldelta.pod
@@ -30,7 +30,8 @@ That statement was wrong.  Try to forget you ever saw it.
 =head2 [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c)
 
 A crafted regular expression could cause heap-buffer-overflow write during
-compilation, potentially allowing arbitrary code execution.
+compilation, potentially allowing arbitrary code execution. (This was 
+actually fixed in 5.29.4, but not announced as a security fix at the time).
 
 L<[perl #133423]|https://rt.perl.org/Ticket/Display.html?id=133423>
 
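Review bot: The first added line ends with a trailing space after "(This was"; drop it so the POD source carries no end-of-line whitespace. On the second added line the parenthetical is a complete sentence of its own, so the period belongs inside the closing parenthesis: "at the time.)" rather than "at the time).".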

-- 
Perl5 Master Repository
