Bug#628836: perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions
Niko Tyni
ntyni at debian.org
Thu Jun 2 16:05:11 UTC 2011
forwarded 628836 http://rt.perl.org/rt3/Public/Bug/Display.html?id=76538
thanks
On Wed, Jun 01, 2011 at 07:21:50PM +0100, Dominic Hargreaves wrote:
> Package: perl-debug
> Severity: important
>
> Tags: security
>
> <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4777>
>
> Confirmed by Moritz on lenny and squeeze with debugperl from perl-debug
> only; therefore it doesn't need a DSA.
>
> Apparently fixed in 5.14.
Michael Schroeder noted in [perl #76538] that this still fails on 5.14.0
with -DDEBUGGING (our /usr/bin/debugperl from perl-debug):
#!/usr/bin/debugperl
my @x = ("AX=B","AAAAAAX=");
utf8::upgrade($x[1]);
for (@x) {
    m{^([^=]+?)X\s*=.+$};
    print "-> $1\n";
}
--
Niko Tyni ntyni at debian.org