Bug#637376: perl: Encode security: Unicode.xs!decode_xs n-byte heap-overflow
Niko Tyni
ntyni at debian.org
Sun Aug 21 15:52:28 UTC 2011
retitle 637376 perl: [CVE-2011-2939] Encode security: Unicode.xs!decode_xs n-byte heap-overflow
thanks
On Wed, Aug 10, 2011 at 06:52:43PM +0100, Dominic Hargreaves wrote:
> Package: perl
> Version: 5.12.4-3
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Encode 2.44 has been released with the following change:
>
> ! Unicode/Unicode.xs
> Addressed the following:
> Date: Fri, 22 Jul 2011 13:58:43 +0200
> From: Robert Zacek <zacek at avast.com>
> To: perl5-security-report at perl.org
> Subject: Unicode.xs!decode_xs n-byte heap-overflow
> I haven't seen any further details about this one, but setting severity
> to grave for now.
Quoting Josh Bressers in
http://www.openwall.com/lists/oss-security/2011/08/19/17
> I'm going to assign this CVE-2011-2939. It looks like a single byte
> overflow. It's probably not exploitable (even as a DoS), but to play it
> safe, I'm assigning this ID.
--
Niko Tyni ntyni at debian.org