Bug#689314: perl: segfaults when echoing a very long string

Niko Tyni ntyni at debian.org
Wed Oct 10 18:35:41 UTC 2012


severity 689314 grave
retitle 689314 perl: segfaults when echoing a very long string [CVE-2012-5195]
tag 689314 upstream security patch
thanks

On Mon, Oct 01, 2012 at 04:11:00PM +0200, Thorsten Glaser wrote:
> Package: perl
> Version: 5.14.2-13
> Severity: normal
> 
> # perl -le 'print "v"x(2**31+1) ."=1"'
> Segmentation fault

This has security impact and has been assigned CVE-2012-5195.  See

 http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
 http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e

It's not quite clear yet if 5.10.1 (squeeze) is affected. 

I'll upload a fix to sid/wheezy shortly.
-- 
Niko Tyni   ntyni at debian.org



