Bug#698174: perl: double-free in load subroutine for Digest::SHA
Dominic Hargreaves
dom at earth.li
Tue Jan 15 23:26:09 UTC 2013
On Mon, Jan 14, 2013 at 09:46:55PM +0100, Salvatore Bonaccorso wrote:
> Upload of Digest::SHA 5.81 mentions the following:
>
> 5.81 Mon Jan 14 05:17:08 MST 2013
> - corrected load subroutine (SHA.pm) to prevent double-free
> -- Bug #82655: Security issue - segfault
> -- thanks to Victor Efimov and Nicholas Clark
> for technical expertise and suggestions
>
> Upstream bugreport is [1] and it was also sent to
> perl5-security-report at perl.org list.
>
> [1]: https://rt.cpan.org/Ticket/Display.html?id=82655
The view so far appears to be that this is not exploitable:
http://seclists.org/oss-sec/2013/q1/88
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
More information about the Perl-maintainers
mailing list