Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock
Please unblock package perl It contains a minimal security fix for CVE-2012-5195. We'll address the other open RC bug (#688842) once this is in, I wanted to handle the urgency=high thing first. diff -Nru perl-5.14.2/debian/changelog perl-5.14.2/debian/changelog --- perl-5.14.2/debian/changelog 2012-09-07 01:36:13.000000000 +0300 +++ perl-5.14.2/debian/changelog 2012-10-10 21:17:40.000000000 +0300 @@ -1,3 +1,10 @@ +perl (5.14.2-14) unstable; urgency=high + + * [SECURITY] CVE-2012-5195: fix a heap buffer overrun with + the 'x' string repeat operator. (Closes: #689314) + + -- Niko Tyni <nt...@debian.org> Wed, 10 Oct 2012 21:17:36 +0300 + perl (5.14.2-13) unstable; urgency=low * Apply patch fixing IPC::Open3 when command is '-' (Closes: #683894) diff -Nru perl-5.14.2/debian/patches/fixes/string_repeat_overrun.diff perl-5.14.2/debian/patches/fixes/string_repeat_overrun.diff --- perl-5.14.2/debian/patches/fixes/string_repeat_overrun.diff 1970-01-01 02:00:00.000000000 +0200 +++ perl-5.14.2/debian/patches/fixes/string_repeat_overrun.diff 2012-10-10 21:16:46.000000000 +0300 
@@ -0,0 +1,35 @@ +From a62ad82c162c6e8152d22f237baa809caac15e6f Mon Sep 17 00:00:00 2001 +From: Andy Dougherty <dough...@lafayette.edu> +Date: Thu, 27 Sep 2012 09:52:18 -0400 +Subject: avoid calling memset with a negative count + +Poorly written perl code that allows an attacker to specify the count to +perl's 'x' string repeat operator can already cause a memory exhaustion +denial-of-service attack. A flaw in versions of perl before 5.15.5 can +escalate that into a heap buffer overrun; coupled with versions of glibc +before 2.16, it possibly allows the execution of arbitrary code. + +The flaw addressed to this commit has been assigned identifier +CVE-2012-5195. + +Origin: upstream, http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e +Bug-Debian: http://bugs.debian.org/689314 +Patch-Name: fixes/string_repeat_overrun.diff +--- + util.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/util.c b/util.c +index 0ea39c6..230211e 100644 +--- a/util.c ++++ b/util.c +@@ -3319,6 +3319,9 @@ Perl_repeatcpy(register char *to, register const char *from, I32 len, register I + { + PERL_ARGS_ASSERT_REPEATCPY; + ++ if (count < 0) ++ Perl_croak_nocontext("%s",PL_memory_wrap); ++ + if (len == 1) + memset(to, *from, count); + else if (count) { diff -Nru perl-5.14.2/debian/patches/series perl-5.14.2/debian/patches/series --- perl-5.14.2/debian/patches/series 2012-09-07 01:36:17.000000000 +0300 +++ perl-5.14.2/debian/patches/series 2012-10-10 21:16:46.000000000 +0300 
@@ -60,3 +60,4 @@ debian/perl5db-x-terminal-emulator.patch fixes/socket_cache_propagate.diff fixes/ipc_open3.diff +fixes/string_repeat_overrun.diff unblock perl/5.14.2-14 -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Archive: http://lists.debian.org/20121010192932.25985.1127.reportbug@madeleine.local.invalid
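Review bot: in the util.c hunk of fixes/string_repeat_overrun.diff the new guard checks only `count < 0`; `len` is declared `I32` on the same signature line, so it is signed as well, and a negative `len` still reaches the `else if (count)` copy path unchecked. Consider widening the guard to `if (len < 0 || count < 0)` so both arguments are rejected before the `memset` / copy, and add a one-line comment saying why: a negative count is converted to an enormous `size_t` when it reaches `memset`.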
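Review bot: the patch header of fixes/string_repeat_overrun.diff carries two different commit hashes, `From a62ad82c162c6e8152d22f237baa809caac15e6f` at the top and `b675304e3fdbcce3ef853b06b6ebe870d99faa7e` in the `Origin:` URL. State which one is the upstream commit and which is the backport (or make the two agree), so that the provenance of this security patch is unambiguous when the series is audited later.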
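The fix above croaks when `repeatcpy` receives a negative count. The following C is an added example written for this page, not Perl's `Perl_repeatcpy` and not part of the Debian patch: it shows why a signed count matters (a negative `I32` becomes a huge `size_t` when handed to `memset`) and goes one step beyond the patch by also rejecting a negative `len` and a `len * count` product that would not fit the destination, returning an error to the caller instead of aborting. The function name `safe_repeatcpy`, its return convention and the demo inputs are all assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Mirrors perl's I32 so the signedness issue in the patch is visible. */
typedef int32_t I32;

/*
 * Hypothetical hardened repeat-copy (example code, not Perl's).
 * Writes `count` copies of the `len`-byte string `from` into `to`.
 * Returns the number of bytes written, or -1 if the request is rejected.
 */
long safe_repeatcpy(char *to, size_t to_size, const char *from, I32 len, I32 count)
{
    /* The patch only rejects count < 0; len is also a signed I32, so both
     * are checked here before any pointer is dereferenced. A negative count
     * would otherwise be converted to a size_t of ~4 GiB or more by memset. */
    if (len < 0 || count < 0)
        return -1;
    if (len == 0 || count == 0)
        return 0;

    /* Compute the product in 64 bits so an I32 wrap (e.g. 0x10000 * 0x10000)
     * cannot make a huge copy look like a small one, and bound it by the
     * destination size so the copy cannot overrun the heap buffer. */
    uint64_t total = (uint64_t)len * (uint64_t)count;
    if (total > (uint64_t)to_size)
        return -1;

    if (len == 1) {
        memset(to, *from, (size_t)count);
    } else {
        char *p = to;
        for (I32 i = 0; i < count; i++) {
            memcpy(p, from, (size_t)len);
            p += len;
        }
    }
    return (long)total;
}

/* A negative count must be refused before memset ever sees it. */
int demo_negative_count_rejected(void)
{
    char buf[64];
    return safe_repeatcpy(buf, sizeof buf, "a", 1, -1) == -1;
}

/* len * count overflows I32 arithmetic (wraps to 0), but the 64-bit check
 * catches it; `from` is never read because the request is rejected first. */
int demo_overflow_rejected(void)
{
    char buf[64];
    return safe_repeatcpy(buf, sizeof buf, "ab", 0x10000, 0x10000) == -1;
}

/* A well-formed request copies exactly len * count bytes. */
int demo_ok(char *out, size_t n)
{
    long w = safe_repeatcpy(out, n, "ab", 2, 3);
    if (w != 6 || n < 7)
        return 0;
    out[6] = '\0';
    return strcmp(out, "ababab") == 0;
}

int main(void)
{
    char buf[16];
    printf("negative count rejected: %d\n", demo_negative_count_rejected());
    printf("overflowing product rejected: %d\n", demo_overflow_rejected());
    printf("normal copy ok: %d\n", demo_ok(buf, sizeof buf));
    return 0;
}
```

The difference from the patch is deliberate: croaking is the right answer inside the interpreter, where a wrapped size means memory is already inconsistent, but a library-style helper that returns a status lets the caller apply its own limit on attacker-supplied repeat counts before the memory-exhaustion case in the commit message is reached.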