Bug#698320: Bug#698174: perl: double-free in load subroutine for Digest::SHA
Niko Tyni
ntyni at debian.org
Wed Jan 23 06:51:08 UTC 2013
On Tue, Jan 22, 2013 at 11:59:17PM +0000, Dominic Hargreaves wrote:
> Having this fix only
> in one of the two places Digest::SHA appears in wheezy is probably
> a Bad Thing, so maybe we should upload a fix for wheezy/perl after all.
Yes, I think we should (FWIW). Along with that, I suppose we need to update
Breaks: libdigest-sha-perl (<< 5.61)
in the perl package to read
Breaks: libdigest-sha-perl (<< 5.71-2)
so that any buggy versions of the libdigest-sha-perl package
can't override the fixed version in the perl package.
While at it, I think the fix for #698320 (signed/unsigned wraparound
on 32-bit platforms) could/should go in too. Release team, would that
be OK with you?
(Upstream patch attached.)
--
Niko Tyni ntyni at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 698320.patch
Type: text/x-diff
Size: 1985 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/perl-maintainers/attachments/20130123/e651e56a/attachment-0003.patch>
More information about the Perl-maintainers
mailing list