In perl.git, the branch blead has been updated <https://perl5.git.perl.org/perl.git/commitdiff/3c1b037f652c65ec12fbb10e4d08e0b1599b6aa5?hp=cc27c3b3ef8a22c153554c7756ac1a22daddff28>
- Log ----------------------------------------------------------------- commit 3c1b037f652c65ec12fbb10e4d08e0b1599b6aa5 Author: Abigail <abig...@abigail.be> Date: Sun Dec 16 20:12:24 2018 +0100 Perldelta: Clarify when CVE-2018-18312 was fixed. This was originally fixed in 5.29.4. The patch itself does have an entry in the perldelta for 5.29.4, but it was, intentionally, not made clear a security hole was fixed. This was delayed until 5.28.1 and 5.26.3 were released. ----------------------------------------------------------------------- Summary of changes: pod/perldelta.pod | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pod/perldelta.pod b/pod/perldelta.pod index 372af385ec..048bbb591c 100644 --- a/pod/perldelta.pod +++ b/pod/perldelta.pod @@ -30,7 +30,8 @@ That statement was wrong. Try to forget you ever saw it. =head2 [CVE-2018-18312] Heap-buffer-overflow write in S_regatom (regcomp.c) A crafted regular expression could cause heap-buffer-overflow write during -compilation, potentially allowing arbitrary code execution. +compilation, potentially allowing arbitrary code execution. (This was +actually fixed in 5.29.4, but not announced as a security fix at the time). L<[perl #133423]|https://rt.perl.org/Ticket/Display.html?id=133423> -- Perl5 Master Repository
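Review bot: The parenthetical added at the end of the CVE-2018-18312 paragraph gives 5.29.4 as the fix point but not why it went unannounced, and the commit message has the missing half: disclosure was held until 5.28.1 and 5.26.3 were released. A reader auditing versions against this entry would benefit from that in the text itself, for example "(This was fixed in 5.29.4, but not announced as a security fix until 5.28.1 and 5.26.3 were released.)". Two smaller style points on the same added lines: the parenthetical is a complete sentence, so the full stop belongs inside the closing parenthesis ("time.)" rather than "time)."), and "actually" can be dropped without changing the meaning.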