Bug#698174: perl: double-free in load subroutine for Digest::SHA
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 16 06:33:19 UTC 2013
Hi Dominic
On Tue, Jan 15, 2013 at 11:26:09PM +0000, Dominic Hargreaves wrote:
> On Mon, Jan 14, 2013 at 09:46:55PM +0100, Salvatore Bonaccorso wrote:
> > Upload of Digest::SHA 5.81 mentions the following:
> >
> > 5.81 Mon Jan 14 05:17:08 MST 2013
> > - corrected load subroutine (SHA.pm) to prevent double-free
> > -- Bug #82655: Security issue - segfault
> > -- thanks to Victor Efimov and Nicholas Clark
> > for technical expertise and suggestions
> >
> > Upstream bug report is [1] and it was also sent to
> > perl5-security-report at perl.org list.
> >
> > [1]: https://rt.cpan.org/Ticket/Display.html?id=82655
>
> The view so far appears to be that this is not exploitable:
>
> http://seclists.org/oss-sec/2013/q1/88
Yes, I have seen. I think at this stage we can remove the security tag
for #698174 (and #698172).
Regards,
Salvatore