Your message dated Wed, 10 Aug 2011 21:49:32 +0000
with message-id <[email protected]>
and subject line Bug#637376: fixed in perl 5.12.4-4
has caused the Debian Bug report #637376,
regarding perl: Encode security: Unicode.xs!decode_xs n-byte heap-overflow
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
637376: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637376
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: perl
Version: 5.12.4-3
Severity: grave
Tags: security
Justification: user security hole

Encode 2.44 has been released with the following change:

! Unicode/Unicode.xs
  Addressed the following:
    Date: Fri, 22 Jul 2011 13:58:43 +0200
    From: Robert Zacek <[email protected]>
    To: [email protected]
    Subject: Unicode.xs!decode_xs n-byte heap-overflow

This has been fixed in libencode-perl 2.44-1; it probably also needs
fixing in perl.

The relevant patch appears to be

<http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5>

I haven't seen any further details about this one, but setting severity
to grave for now.



--- End Message ---
--- Begin Message ---
Source: perl
Source-Version: 5.12.4-4

We believe that the bug you reported is fixed in the latest version of
perl, which is due to be installed in the Debian FTP archive:

libcgi-fast-perl_5.12.4-4_all.deb
  to main/p/perl/libcgi-fast-perl_5.12.4-4_all.deb
libperl-dev_5.12.4-4_i386.deb
  to main/p/perl/libperl-dev_5.12.4-4_i386.deb
libperl5.12_5.12.4-4_i386.deb
  to main/p/perl/libperl5.12_5.12.4-4_i386.deb
perl-base_5.12.4-4_i386.deb
  to main/p/perl/perl-base_5.12.4-4_i386.deb
perl-debug_5.12.4-4_i386.deb
  to main/p/perl/perl-debug_5.12.4-4_i386.deb
perl-doc_5.12.4-4_all.deb
  to main/p/perl/perl-doc_5.12.4-4_all.deb
perl-modules_5.12.4-4_all.deb
  to main/p/perl/perl-modules_5.12.4-4_all.deb
perl_5.12.4-4.debian.tar.gz
  to main/p/perl/perl_5.12.4-4.debian.tar.gz
perl_5.12.4-4.dsc
  to main/p/perl/perl_5.12.4-4.dsc
perl_5.12.4-4_i386.deb
  to main/p/perl/perl_5.12.4-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominic Hargreaves <[email protected]> (supplier of updated perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Wed, 10 Aug 2011 19:25:23 +0100
Source: perl
Binary: perl-base libcgi-fast-perl perl-doc perl-modules perl-debug libperl5.12 libperl-dev perl
Architecture: source all i386
Version: 5.12.4-4
Distribution: unstable
Urgency: medium
Maintainer: Niko Tyni <[email protected]>
Changed-By: Dominic Hargreaves <[email protected]>
Description: 
 libcgi-fast-perl - CGI::Fast Perl module
 libperl-dev - Perl library: development files
 libperl5.12 - shared Perl library
 perl       - Larry Wall's Practical Extraction and Report Language
 perl-base  - minimal Perl system
 perl-debug - debug-enabled Perl interpreter
 perl-doc   - Perl documentation
 perl-modules - Core Perl modules
Closes: 637376
Changes: 
 perl (5.12.4-4) unstable; urgency=medium
 .
   * Fix decode_xs n-byte heap-overflow security bug in Unicode.xs
     (Closes: #637376)



--- End Message ---
