Your message dated Mon, 12 Nov 2007 05:25:27 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#450456: fixed in perl 5.8.8-12
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: perl
Version: 5.8.8-11.1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for perl.
CVE-2007-5116[0]:
| Buffer overflow in the polymorphic opcode support in the Regular
| Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent
| attackers to execute arbitrary code by switching from byte to Unicode
| (UTF) characters in a regular expression.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
This is a serious issue which might lead to code execution.
This was already fixed in stable security and we are working
on fixing this in testing-security.
There is a patch for this on:
http://public.activestate.com/cgi-bin/perlbrowse/30647
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5116
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.8.8-12
We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:
libcgi-fast-perl_5.8.8-12_all.deb
  to pool/main/p/perl/libcgi-fast-perl_5.8.8-12_all.deb
libperl-dev_5.8.8-12_sparc.deb
  to pool/main/p/perl/libperl-dev_5.8.8-12_sparc.deb
libperl5.8_5.8.8-12_sparc.deb
  to pool/main/p/perl/libperl5.8_5.8.8-12_sparc.deb
perl-base_5.8.8-12_sparc.deb
  to pool/main/p/perl/perl-base_5.8.8-12_sparc.deb
perl-debug_5.8.8-12_sparc.deb
  to pool/main/p/perl/perl-debug_5.8.8-12_sparc.deb
perl-doc_5.8.8-12_all.deb
  to pool/main/p/perl/perl-doc_5.8.8-12_all.deb
perl-modules_5.8.8-12_all.deb
  to pool/main/p/perl/perl-modules_5.8.8-12_all.deb
perl-suid_5.8.8-12_sparc.deb
  to pool/main/p/perl/perl-suid_5.8.8-12_sparc.deb
perl_5.8.8-12.diff.gz
  to pool/main/p/perl/perl_5.8.8-12.diff.gz
perl_5.8.8-12.dsc
  to pool/main/p/perl/perl_5.8.8-12.dsc
perl_5.8.8-12_sparc.deb
  to pool/main/p/perl/perl_5.8.8-12_sparc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Brendan O'Dea <[EMAIL PROTECTED]> (supplier of updated perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 08 Nov 2007 08:42:01 +1100
Source: perl
Binary: perl-base libcgi-fast-perl libperl-dev perl-debug perl-modules perl libperl5.8 perl-suid perl-doc
Architecture: source sparc all
Version: 5.8.8-12
Distribution: unstable
Urgency: high
Maintainer: Brendan O'Dea <[EMAIL PROTECTED]>
Changed-By: Brendan O'Dea <[EMAIL PROTECTED]>
Description:
libcgi-fast-perl - CGI::Fast Perl module
libperl-dev - Perl library: development files
libperl5.8 - Shared Perl library
perl - Larry Wall's Practical Extraction and Report Language
perl-base - The Pathologically Eclectic Rubbish Lister
perl-debug - Debug-enabled Perl interpreter
perl-doc - Perl documentation
perl-modules - Core Perl modules
perl-suid - Runs setuid Perl scripts
Closes: 448965 449549 450456
Changes:
perl (5.8.8-12) unstable; urgency=high
 .
   * SECURITY [CVE-2007-5116] (closes: #450456): Apply patch from
     Will Drewry and Tavis Ormandy of the Google Security Team to fix a
     UTF-8 related heap overflow in Perl's regular expression compiler,
     probably allowing attackers to execute arbitrary code by compiling
     specially crafted regular expressions.
 .
   * Support "nocheck" option in DEB_BUILD_OPTIONS (closes: #449549).
   * Suppress Configure test for ualarm() so that setitimer() emulation
     is used (closes: #448965).
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)
-----END PGP SIGNATURE-----
--- End Message ---